Inactive Website Blocked

[holdum323]

Hi @Broni . I'm in no hurry and I'm 99.9% sure I'm not infected, but I'm wondering why MBAM is blocking outbound IP addresses. I have had 20+ in a short time. This seems to have greatly increased lately. I use to get one or two. Now I get them all the time. I tried to use VirusTotal, but I don't think I knew what I was doing. When you get a spare minute, I would appreciate your thoughts.
Thanks in advance!
PS I'm using Windows Defender and MBAM in real time.

 

[holdum323]

Hi Here's a log if that helps.

 

[Broni]

Are you using "uploads.im" to upload anything?

 

[holdum323]

Hi @Broni ! I'm not aware if I am. I'll do a search with Everything. Here's screen shot. There are other Websites being blocked.
Everything is pretty good and it found nothing. I'll get more addresses and post them. Thanks for your time. You do a great service here on TS. May I ask if you think some IP is trying to connect to my IP and get information?

 

[holdum323]

Hi @Broni Here's two more. Thanks for your time.

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[holdum323]

Here's a update @Broni ! I just Googled uploads.im and MBAM blocked it as a malicious Website.
I can do as you requested, but I'm 99.9% sure I'm not infected. I run a pretty tight ship and You probably have better places for your time. Please confirm if you want me to run those.
I have already ran MBAM, JRT, ESET on line scanner, and a couple more. They didn't find any thing. I Reilly appreciate you and will do what ever you suggest.
Gary!

 

[Broni]

In general MBAM will block most of upload sites for a simple reason.
Anyone can upload, which means something there can be malicious.

 

[holdum323]

Hi! Do you think I need to run FRST? It's not a problem if you think I need to make sure I'm clean.
Thanks for your time.

 

[Broni]

Personally I'd run some checks to make sure you're clean.

 

[holdum323]

Hi Friend I tried to down load the FRST log and I got this. What Do I do now?

 

[holdum323]

Hi Trying to cut the log in half.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Gary (administrator) on GARY-PC (05-11-2017 19:49:18)
Running from C:\Users\Gary\Downloads
Loaded Profiles: Gary (Available Profiles: Gary & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.19 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-03-20] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk [2017-03-12]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2017-06-28]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{d4e9f94b-6c9a-40b9-bc36-0a68afafa088}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{d523adc0-9e32-424a-82f5-987648328c62}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{e982eb49-3b33-45ab-8556-fb0024d1a300}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> DefaultScope {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> DefaultScope {B4288A11-C9B8-4AC1-86C9-457280A60AC5} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> DD356F92596C4A92A30B5508B958705E URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL =
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {615EE365-E54B-4D13-A817-AB1429DFB34C} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {B4288A11-C9B8-4AC1-86C9-457280A60AC5} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {BB660FD4-3372-4B84-9C8D-9E266C95477C} URL = hxxps://www.flickr.com/search/?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll => No File
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll No File
Toolbar: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1479323368619
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-03-15] (Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll No File

FireFox:
========
FF DefaultProfile: 4x13xd3n.default-1490672475513-1506989525317
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\6jzgq59z.default-1505954497758 [2017-11-05]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317 [2017-11-05]
FF Homepage: Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317 -> hxxps://www.google.com/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-11]
FF Extension: (__MSG_appName__) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-23]
FF Extension: (Adblock Plus) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-02]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3942731526-1549951770-3740554991-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-04-25] (Google)
FF Plugin HKU\S-1-5-21-3942731526-1549951770-3740554991-1000: @talk.google.com/O1DPlugin -> C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-04-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gary\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-04-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gary\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-04-25] (Google)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-31]
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-05]
CHR Extension: (Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-06]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-06]
CHR Extension: (Sheets) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-16] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-07] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 1999-12-31] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()

 

[Broni]

As my instructions say:
"If some log exceeds 50,000 characters post limit, split it between couple of replies."

 

[holdum323]

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-09] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-05] (Malwarebytes)
R1 MpKsld142fd6a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09CDA980-6742-405A-842E-3A4E71B6F8AE}\MpKsld142fd6a.sys [49392 2017-11-01] (Microsoft Corporation)
R1 MpKsle6b8b9c4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AB55ACB-175E-4F82-9A8B-4EA437430F9B}\MpKsle6b8b9c4.sys [58120 2017-11-05] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 1999-12-31] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-10-02] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-05 19:49 - 2017-11-05 19:50 - 000022452 _____ C:\Users\Gary\Downloads\FRST.txt
2017-11-05 19:49 - 2017-11-05 19:49 - 000000000 ____D C:\Users\Gary\Downloads\FRST-OlderVersion
2017-11-05 19:48 - 2017-11-05 19:49 - 000000000 ____D C:\FRST
2017-11-05 19:48 - 2017-11-05 19:48 - 000001036 _____ C:\Users\Gary\Desktop\FRST64 - Shortcut.lnk
2017-11-05 19:47 - 2017-11-05 19:49 - 002403328 _____ (Farbar) C:\Users\Gary\Downloads\FRST64.exe
2017-11-05 19:06 - 2017-11-05 19:06 - 000000671 _____ C:\Users\Gary\Desktop\MBAM2.txt
2017-11-05 19:06 - 2017-11-05 19:06 - 000000667 _____ C:\Users\Gary\Desktop\MBAM 3.txt
2017-11-05 15:56 - 2017-11-05 15:56 - 000000659 _____ C:\Users\Gary\Desktop\MBAM.txt
2017-11-01 14:55 - 2017-11-01 14:55 - 000003564 _____ C:\Users\Gary\Desktop\ipconfig.txt
2017-10-31 08:07 - 2017-10-31 08:07 - 000000000 ____D C:\WINDOWS\Panther
2017-10-29 16:32 - 2017-10-29 18:51 - 000003564 _____ C:\Users\Gary\ipconfig.txt
2017-10-29 16:29 - 2017-10-29 18:13 - 000003564 _____ C:\WINDOWS\system32\ipconfig.txt
2017-10-29 16:27 - 2017-10-29 21:25 - 000003564 _____ C:\Users\Gary\myTcp.txt
2017-10-29 09:30 - 2017-10-29 17:54 - 000003564 _____ C:\WINDOWS\system32\myTcp.txt
2017-10-26 23:06 - 2017-10-26 23:06 - 018617536 _____ (Microsoft Corporation) C:\Users\Gary\Downloads\MediaCreationTool(1).exe
2017-10-26 18:28 - 2017-10-26 18:28 - 000000000 ____D C:\Users\Gary\Documents\FeedbackHub
2017-10-23 19:17 - 2017-10-23 19:16 - 000503513 _____ C:\Users\Gary\Desktop\Macrium.zip
2017-10-22 21:56 - 2017-10-22 21:56 - 006541184 _____ (Microsoft Corporation) C:\Users\Gary\Downloads\Windows10Upgrade9252.exe
2017-10-17 23:00 - 2017-10-17 23:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-10-17 22:59 - 2017-10-17 22:59 - 000000000 ___HD C:\Users\Gary\MicrosoftEdgeBackups
2017-10-17 22:57 - 2017-10-17 22:57 - 000000000 ____D C:\Users\Gary\AppData\Local\PackageStaging
2017-10-17 22:55 - 2017-10-17 22:55 - 000000020 ___SH C:\Users\Gary\ntuser.ini
2017-10-17 22:50 - 2017-10-17 22:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-10-17 22:50 - 2017-10-17 22:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-10-17 22:48 - 2017-11-05 19:04 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EBCAAE08-B5B5-420E-8AC2-0C02C1866AB3}
2017-10-17 22:48 - 2017-11-01 10:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-17 22:48 - 2017-10-26 23:10 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3942731526-1549951770-3740554991-1000
2017-10-17 22:48 - 2017-10-25 07:23 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-17 22:48 - 2017-10-17 22:48 - 000003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA
2017-10-17 22:48 - 2017-10-17 22:48 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-17 22:48 - 2017-10-17 22:48 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-17 22:48 - 2017-10-17 22:48 - 000003338 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core
2017-10-17 22:48 - 2017-10-17 22:48 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-17 22:48 - 2017-10-17 22:48 - 000002668 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 7510 series
2017-10-17 22:48 - 2017-10-17 22:48 - 000002590 _____ C:\WINDOWS\System32\Tasks\hpUrlLauncher.exe_{B3FA9662-64A8-451C-906B-878A3124103B}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002412 _____ C:\WINDOWS\System32\Tasks\{CA8DD57D-1216-49C1-BAA8-BC03908E6419}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002364 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002338 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002336 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002322 _____ C:\WINDOWS\System32\Tasks\Microsoft Security Essentials
2017-10-17 22:48 - 2017-10-17 22:48 - 000002316 _____ C:\WINDOWS\System32\Tasks\{E27305A3-3D67-455A-8EE4-B2BA875BFEA8}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002302 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002298 _____ C:\WINDOWS\System32\Tasks\{A2D0D853-65BE-4435-9C98-7F6A6713DC9B}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002270 _____ C:\WINDOWS\System32\Tasks\{B8C8DC05-D942-4CCA-9500-6C7D74AEEDC0}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002268 _____ C:\WINDOWS\System32\Tasks\{674AE313-2F92-49E2-8E62-817F62D2DAC3}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002244 _____ C:\WINDOWS\System32\Tasks\HPCustPartic.exe_{D81A7C3A-72D9-49DD-887E-EB791438ADDC}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002224 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-10-17 22:48 - 2017-10-17 22:48 - 000002176 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2017-10-17 22:48 - 2017-10-17 22:48 - 000002174 _____ C:\WINDOWS\System32\Tasks\{4F97251C-13CB-441A-8F32-4B3B52E010A4}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002132 _____ C:\WINDOWS\System32\Tasks\{4D8AFD95-72DE-4EB0-B9AB-D864CF243669}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{DB4AB491-93EF-4ECB-8886-400360145FDD}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{7AB3CB3B-92FA-42F7-B9EB-AC59CDFE9AD0}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{22A8C708-0AEE-48AD-9762-07C92BBEDF46}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002112 _____ C:\WINDOWS\System32\Tasks\{28732AC3-6D3D-4C63-BB16-B0985D3FA390}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002104 _____ C:\WINDOWS\System32\Tasks\{A3A9F015-55A3-41CB-9987-CC71BF0278F2}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002104 _____ C:\WINDOWS\System32\Tasks\{6916640E-4285-4EF9-BB23-B3A4CD4A369E}
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3942731526-1549951770-3740554991-1000
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-10-17 22:30 - 2017-10-17 22:30 - 000000000 ____D C:\ProgramData\USOShared
2017-10-17 22:29 - 2017-10-17 22:29 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-10-17 22:26 - 2017-10-17 23:15 - 000000000 ____D C:\Users\Gary\AppData\Local\Packages
2017-10-17 22:24 - 2017-10-29 18:36 - 000000000 ____D C:\Users\Gary
2017-10-17 22:24 - 2017-10-17 22:40 - 000000000 ____D C:\Users\DefaultAppPool
2017-10-17 22:24 - 2017-10-17 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Gary\AppData\Roaming\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Gary\AppData\Local\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\ATI
2017-10-17 22:23 - 2017-11-01 11:01 - 001037652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default\AppData\Roaming\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default\AppData\Local\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default User\AppData\Local\ATI
2017-10-17 22:22 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-10-17 22:18 - 2017-11-05 18:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-17 22:18 - 2017-10-17 22:36 - 000235816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-17 21:37 - 2017-11-05 11:03 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-17 21:37 - 2017-11-01 10:55 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-17 21:37 - 2017-11-01 10:55 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-17 21:37 - 2017-11-01 10:54 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-17 21:37 - 2017-10-09 03:03 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-17 21:37 - 2017-10-09 03:02 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-17 21:36 - 2017-10-18 01:07 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-10-17 21:36 - 2017-10-17 21:36 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-10-17 21:32 - 2017-10-17 21:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-10-17 21:26 - 2017-10-17 21:26 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 023664128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 021752832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 019343360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 018913792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 017080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 008097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 006032896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 004744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 003681280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 002474080 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-17 21:26 - 2017-10-17 21:26 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-17 21:26 - 2017-10-17 21:26 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 008592280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 003672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 003312432 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001633744 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001528912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000045976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-17 21:09 - 2017-10-23 19:00 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-10-17 21:09 - 2017-10-17 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-10-17 21:09 - 2017-10-17 21:09 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files\MSBuild
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-17 21:06 - 2017-10-17 21:06 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-10-17 21:06 - 2017-10-17 21:06 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-10-17 20:42 - 2017-10-17 20:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-10-10 17:37 - 2017-10-10 17:38 - 000317432 _____ C:\Users\Gary\Downloads\WinUSB.diagcab
2017-10-10 17:02 - 2017-10-10 17:02 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-05 19:37 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 18:56 - 2011-10-25 20:00 - 000000000 ____D C:\Program Files (x86)\Everything
2017-11-05 18:30 - 2016-11-18 09:28 - 000000000 ____D C:\Users\Gary\AppData\LocalLow\Mozilla
2017-11-05 09:50 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-05 03:33 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-04 04:51 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-03 17:49 - 2012-01-09 01:35 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-02 15:23 - 2017-01-31 13:55 - 000000472 _____ C:\Users\Gary\Desktop\Puzzles USA Today.website
2017-11-01 11:14 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-01 10:53 - 2017-09-29 02:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-31 14:48 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2017-10-31 08:08 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-31 08:07 - 2017-05-19 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-31 08:07 - 2016-10-24 20:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-31 08:05 - 2015-10-02 02:48 - 000000000 __RDL C:\Users\Gary\OneDrive
2017-10-29 19:11 - 2016-12-05 22:54 - 000000000 ____D C:\Users\Gary\AppData\Local\ElevatedDiagnostics
2017-10-27 21:25 - 2016-04-12 19:28 - 000000000 ____D C:\Program Files\Speccy
2017-10-26 23:10 - 2015-10-02 02:48 - 000002413 _____ C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-25 07:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 07:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 21:57 - 2017-08-08 15:53 - 000000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-10-22 21:57 - 2017-08-08 15:53 - 000000730 _____ C:\Users\Gary\Desktop\Windows 10 Update Assistant.lnk
2017-10-22 21:57 - 2017-04-08 14:28 - 000000000 ____D C:\Windows10Upgrade
2017-10-21 00:53 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2017-10-19 19:16 - 2011-12-07 13:26 - 000007591 ____H C:\Users\Gary\AppData\Local\resmon.resmoncfg
2017-10-18 02:42 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-10-18 01:17 - 2017-09-29 07:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-10-18 01:07 - 2017-10-02 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-18 01:07 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-10-18 01:07 - 2017-09-29 07:49 - 000000000 ____D C:\WINDOWS\Setup
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\IME
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\schemas
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-18 01:07 - 2017-05-30 17:39 - 000000000 ____D C:\Program Files\Intel
2017-10-18 01:07 - 2017-04-08 16:04 - 000000000 ____D C:\Program Files\AMD
2017-10-18 01:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-10-18 01:07 - 2017-01-16 02:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-10-18 01:07 - 2016-08-03 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2017-10-18 01:07 - 2016-07-30 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-18 01:07 - 2016-07-30 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-10-18 01:07 - 2015-11-09 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2017-10-18 01:07 - 2015-05-26 23:26 - 000000000 ____D C:\WINDOWS\en
2017-10-18 01:07 - 2015-03-20 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2017-10-18 01:07 - 2015-03-10 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2017-10-18 01:07 - 2015-03-09 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-18 01:07 - 2014-04-26 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2017-10-18 01:07 - 2014-01-02 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot CPU Tester Pro 4 LE
2017-10-18 01:07 - 2013-08-27 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-18 01:07 - 2012-12-19 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-10-18 01:07 - 2012-04-28 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-10-18 01:07 - 2012-02-20 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
2017-10-18 01:07 - 2012-01-24 03:04 - 000000000 ____D C:\Program Files\IIS
2017-10-18 01:07 - 2012-01-17 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2017-10-18 01:07 - 2012-01-01 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-10-18 01:07 - 2011-10-26 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2017-10-18 01:07 - 2011-10-24 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
2017-10-18 01:07 - 2011-10-24 15:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-10-18 01:07 - 2011-04-27 21:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-10-18 01:07 - 2011-04-27 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba
2017-10-18 01:07 - 2009-07-13 23:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-18 01:07 - 2009-07-13 21:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-17 22:57 - 2016-08-25 03:01 - 000000000 ___HD C:\Users\Gary\AppData\Local\ConnectedDevicesPlatform
2017-10-17 22:57 - 2015-10-02 02:42 - 000000000 ____D C:\Users\Gary\AppData\Local\TileDataLayer
2017-10-17 22:56 - 2016-02-13 07:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-17 22:56 - 2015-10-02 16:47 - 000000000 ___RD C:\Users\Gary\3D Objects
2017-10-17 22:52 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-17 22:48 - 2017-09-29 07:46 - 000000000 __RSD C:\WINDOWS\media
2017-10-17 22:48 - 2015-10-02 02:39 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-10-17 22:40 - 2014-08-01 21:14 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-17 22:34 - 2017-06-28 21:19 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2017-10-17 22:34 - 2011-10-25 20:00 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-10-17 22:34 - 2011-04-27 21:25 - 000000000 ___RD C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2017-10-17 22:30 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-10-17 22:29 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-17 22:28 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-10-17 22:27 - 2017-06-17 22:09 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2017-10-17 22:24 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files\ATI Technologies
2017-10-17 22:24 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2017-10-17 22:23 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-17 22:23 - 2017-04-08 16:07 - 000936124 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-10-17 22:22 - 2017-04-08 16:05 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-10-17 22:21 - 2016-04-12 04:15 - 000000000 ____D C:\AMD
2017-10-17 21:43 - 2017-09-29 07:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-10-17 21:37 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-17 21:37 - 2017-04-08 16:05 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-10-17 21:36 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files\Synaptics
2017-10-17 21:36 - 2017-04-08 16:05 - 000000000 ____D C:\Program Files\Realtek
2017-10-17 21:36 - 2016-01-12 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-10-17 21:36 - 2015-11-07 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-10-17 21:36 - 2012-02-17 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-10-17 21:36 - 2009-07-13 23:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-10-17 21:28 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-10-17 21:09 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-10-13 12:08 - 2017-09-29 07:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 12:08 - 2017-09-29 07:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-11 19:42 - 2017-01-17 15:22 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-10-10 17:02 - 2011-10-24 17:28 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-07 16:59 - 2012-12-19 16:35 - 000000000 ____D C:\Program Files (x86)\SpeedFan

==================== Files in the root of some directories =======

2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
2012-05-25 20:20 - 2016-07-02 18:03 - 000115211 ____H () C:\Users\Gary\AppData\Local\ars.cache
2012-05-25 20:21 - 2016-07-02 18:04 - 001313225 ____H () C:\Users\Gary\AppData\Local\census.cache
2012-05-25 20:09 - 2012-05-25 20:09 - 000000036 ____H () C:\Users\Gary\AppData\Local\housecall.guid.cache
2015-08-21 22:05 - 2016-01-03 17:11 - 000039535 ____H () C:\Users\Gary\AppData\Local\Perfmon.PerfmonCfg
2011-12-07 13:26 - 2017-10-19 19:16 - 000007591 ____H () C:\Users\Gary\AppData\Local\resmon.resmoncfg
2012-05-08 19:17 - 2012-05-08 19:17 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

[holdum323]

Hi I'm trying very hard. I told you I was thick headed some times. Did that work?

 

[Broni]

Yes. I need second log.

 

[holdum323]

Here's the other half I hope.

ShortcutWithArgument: C:\Users\Gary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2011-10-24 15:44 - 2010-09-09 18:26 - 000162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2015-08-21 21:09 - 2015-08-21 21:09 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-30 15:07 - 2017-10-30 15:07 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-13 20:56 - 2017-09-13 20:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-03 06:50 - 2017-11-03 06:50 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.exe
2017-11-03 06:50 - 2017-11-03 06:50 - 033914368 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-09-26 03:53 - 2017-09-26 03:53 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-07-29 22:48 - 2016-07-29 22:48 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2017-11-04 04:51 - 2017-11-04 04:51 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
2017-11-04 04:51 - 2017-11-04 04:51 - 006285824 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll
2017-10-30 15:06 - 2017-10-30 15:07 - 002361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2009-03-12 19:18 - 2009-03-12 19:18 - 000602624 _____ () C:\Program Files (x86)\Everything\Everything.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-09-11 14:42 - 000000021 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "ToshibaServiceStation"
HKLM\...\StartupApproved\Run32: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{854F270D-F5AA-4725-A353-625E23E893D1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{0F6C7414-3DBF-4D62-B7A9-C9788B05FFB7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2A3CB666-BA9D-429A-93EC-E4B26B4063B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F42AE726-A30E-46C0-B1D8-44E1B8195229}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe
FirewallRules: [{1CBADB12-D2A7-40BF-9B09-759C36B68C16}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe
FirewallRules: [{D230FD91-10DB-44D1-914A-5691B1E60AAC}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe
FirewallRules: [{CD2C7253-0B1B-48EF-AE46-2F581390E72D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe
FirewallRules: [{FC7B26FF-AECB-441A-A8F2-DD1485C275E3}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe
FirewallRules: [{E6A63ED7-EC30-4232-96B2-ED19E5265FF9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe
FirewallRules: [{64C6D25F-E396-49A9-BFAF-1A2C2A24EA1B}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe
FirewallRules: [{71AD69F5-51E1-4E7D-A201-F2F6DC38392D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe
FirewallRules: [{FF523DCD-12A7-4F96-A73A-1D03FAF7D414}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe
FirewallRules: [{90935298-1667-42AC-8301-1BB57419A637}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe
FirewallRules: [{CFF65427-74A5-4DEA-8687-C114C22525A9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe
FirewallRules: [{2B6078FE-49F1-4B22-9369-6F8E038C57FF}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe
FirewallRules: [{46B88164-D79A-46D0-A41D-EC0634691104}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe
FirewallRules: [{58D2A63F-8631-429C-B68F-C2B66EF94012}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe
FirewallRules: [{31E7C943-F79C-4140-B9FE-70440AD7B544}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe
FirewallRules: [{60D1251C-DE28-4F3C-8BE0-8A59DE94F41F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe
FirewallRules: [{8008B895-4254-41D0-82BF-E636F0ADC5B4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe
FirewallRules: [{3BE70632-CE31-43E2-9FD0-D8CDC9BB1524}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe
FirewallRules: [{3CD238DD-8F5A-42E6-B52F-68B4E18B6DC6}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe
FirewallRules: [{FE25941A-FF80-44B5-A6CB-296529964637}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe
FirewallRules: [{DA5B64CB-F076-482E-AA4D-FFD160198F75}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe
FirewallRules: [{D2CF04E5-5760-4708-A81D-005C1D4AB5D6}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe
FirewallRules: [{E7DB9C1C-C561-4C9A-A749-237A14B9254D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{83C62AB2-3C3A-4784-8787-20316DA2C934}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{72F83AFA-FB34-4689-ACF6-E8D28E338CE4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe
FirewallRules: [{8F8073F5-32DD-435C-8A51-12B116EC444F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe
FirewallRules: [{24D0C5A5-5A4E-4B4D-9FBF-DA6ED4A75209}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe
FirewallRules: [{0722E6BB-ED27-49BD-B0B4-EBF783EAED62}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe
FirewallRules: [{69149DE4-96DF-4294-A574-5DCABD373BFD}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe
FirewallRules: [{683A6EE7-DD64-442B-BCAD-C4C1182C622A}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe
FirewallRules: [{30A8E4DC-E68C-422D-9660-A51F2E17BD68}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe
FirewallRules: [{0BE78E34-6C77-4709-9C71-2EA25378E2B4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe
FirewallRules: [{3BF166A6-E66A-4B17-8439-78620CD6EBA8}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe
FirewallRules: [{42C8072B-9F1A-495C-A657-D3C942B7D2EE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe
FirewallRules: [{9FDBACB4-70A0-4E39-A8AA-06E03DD24567}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe
FirewallRules: [{FA9AC3B6-E3A8-47B9-BDC0-69F2D4C28882}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe
FirewallRules: [{9713C405-E7EB-4B9F-9385-0CCFCF26F2AA}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe
FirewallRules: [{ADECAE84-7C53-4589-AF2C-BC5941519514}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe
FirewallRules: [{FF3E0CA5-2B09-4F04-9FA8-C63E78D28A12}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe
FirewallRules: [{73D5AA13-98F3-4E0C-A403-33CD5E088874}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe
FirewallRules: [{2DE380AB-AE1C-4F09-863D-95BC85DEA3D2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{15C22D3D-9569-49AA-BA2B-D87BB5D00E7A}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{508F0897-B59E-464E-88AB-9CC815EC7E5E}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{69788CE5-0324-4479-9D6E-3ED1C43F3A3A}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{0F8C931A-297A-4F33-AF86-A78B6E13873D}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{D770F4B0-6370-49C0-B469-9DBD6928B651}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E6A61CED-D5B1-4AF1-96F1-2A3E7DFADE2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{895A996C-C779-46D2-AD75-DBB3C70BD3B8}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{367FF8E2-94CF-4ABE-8BE6-945820E354CB}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7C8B94F0-1539-42AA-8C7D-2CBA48829D25}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe
FirewallRules: [{BFA2EABB-9324-4CAC-BDB2-A9C82A0C86DD}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe
FirewallRules: [{8B00A111-1CA3-4E9B-9362-0DE31A75790C}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe
FirewallRules: [{26626B35-1330-4311-A655-485E6036B95F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe
FirewallRules: [{4978D553-3CAD-4668-9CEA-2D255411B3AB}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe
FirewallRules: [{A64478D2-D8CE-4468-AF76-6B37FE051555}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe
FirewallRules: [{85EFF196-5D10-4995-B5AA-72A31F7CCB91}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe
FirewallRules: [{A4E72EA7-7E53-494F-BD0F-12773448951D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe
FirewallRules: [{4721E3AD-1518-4A25-BEA1-6F892E71F30E}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe
FirewallRules: [{A2303EFF-B823-4D9B-B6F2-99DA00537225}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe
FirewallRules: [{E417FE99-A3C9-4267-A578-5052F2188E52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9309DCBE-AC86-4116-93A6-CEC8495815D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7D07BAAE-1DAC-4E41-9C2E-F5607EF91465}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe
FirewallRules: [{E7156693-00B2-4649-8595-C59D49BEE07E}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe
FirewallRules: [{9F3288B7-2D1B-446E-8BA2-F435207FBCFE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe
FirewallRules: [{6B88CE27-C257-4D8E-95D9-50B1B89BB9D9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe
FirewallRules: [{3112EEB6-1BE4-4C81-9DB8-1F06477BAC60}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F3650C9C-7793-4115-AA31-E8CD1E4F2FED}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{554FC8CD-2F6F-4F56-B790-78EA607A4AF9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A42F4AE4-C00C-4192-8B5A-7EFC57B29781}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe
FirewallRules: [{423D67C3-B903-4FDB-88C8-1874B8C8E8E4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe
FirewallRules: [{0F802E57-6BE2-46D7-874B-F0AC06052BE0}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe
FirewallRules: [{5A35D7A4-95A1-474A-809A-C325BD66C89B}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe
FirewallRules: [{0EC904C6-E1B7-4397-9013-5C288D85E0DE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe
FirewallRules: [{EE58BCEB-BAA5-4C34-B868-9FE9C89AF9D4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{CC7BF960-9340-49DF-BA87-1F66125EEEE3}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{3BCC8E98-75DD-49E7-B1C1-BED58A9D84D2}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{4455D91E-3267-43AB-A90F-D92163F40D04}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe
FirewallRules: [{118F675C-D5FC-4619-BF27-02FC56BCDB22}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe
FirewallRules: [{D82F7663-0A71-4E30-BD82-3F7965842119}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{6D282163-FC79-42CC-B07B-BEE32A293023}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{ADB37591-2082-4FA7-96D4-94C000DAC856}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe
FirewallRules: [{6E23163F-C0AA-4F63-ABD7-42C84ED97926}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe
FirewallRules: [{1F2A5ED3-65EC-438F-A9C0-DFFA413FC5E4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe
FirewallRules: [{FA4C3909-D9D0-4003-9F58-148D11A906F7}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe
FirewallRules: [{987F5D3A-73A8-4998-91AA-2A58564F0AA4}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

18-10-2017 00:36:55 Windows Update
27-10-2017 02:51:53 Scheduled Checkpoint
01-11-2017 22:55:55 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (10/17/2017 10:48:40 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:41:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3748,R,0) TILEREPOSITORYS-1-5-82-3006700770-424185619-1745488364-794895919-4004696415: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\DefaultAppPool\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:40:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4528,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:39:31 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:39:30 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:39:29 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:24:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\AMD\WU-CCC2\ccc2_install\VC12RTx64\vcredist_x64.exe /q /norestart; Description = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727; Error = 0x80042302).

Error: (10/17/2017 10:24:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server


System errors:
=============
Error: (11/05/2017 08:22:35 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 10:51:07 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 10:51:07 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 09:13:16 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 09:07:29 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 07:39:29 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 10:54:50 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 10:54:50 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 07:43:38 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/02/2017 03:23:53 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-10-29 20:09:35.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:34.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:30.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:29.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:05.561
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:05.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:53:57.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:53:57.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 5610.12 MB
Available physical RAM: 2223.46 MB
Total Virtual: 6326.46 MB
Available Virtual: 2086.62 MB

==================== Drives ================================

Drive c: (TI106164W0D) (Fixed) (Total:463.49 GB) (Free:414.69 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 81A4963E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818 MB) - (Type=27)

==================== End of Addition.txt ============================

 

[holdum323]

Hi @Broni At this time I have no idea where I am. If you need some thing different, please advise. I'm completely lost.
Seriously! I'm giving this my best shot. What do I need to do?

 

[Broni]

You've been doing fine but you posted only half of the second log. I need to see entire second log.

 

[holdum323]

Ok! I'll give it another try.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Gary (05-11-2017 19:51:11)
Running from C:\Users\Gary\Downloads
Windows 10 Home Version 1709 16299.19 (X64) (2017-10-18 04:54:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3942731526-1549951770-3740554991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3942731526-1549951770-3740554991-503 - Limited - Disabled)
Gary (S-1-5-21-3942731526-1549951770-3740554991-1000 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-3942731526-1549951770-3740554991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3942731526-1549951770-3740554991-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3942731526-1549951770-3740554991-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{9F455BA4-BAFB-AE04-2537-1CFC94FE400A}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debug Diagnostics 2 Update 2 (HKLM\...\{7A94F4D3-AC7B-48EB-866E-BBA62AEFFA4B}) (Version: 2.2.0.13 - Microsoft Corporation)
EaseUS Partition Master 10.8 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
Google Chrome (HKLM-x32\...\{224B61E6-7E54-3DBA-872B-CCE85072D44D}) (Version: 61.0.3163.100 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hot CPU Tester Pro 4.4.1 (HKLM-x32\...\{5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1) (Version: 4.4 LE - 7Byte Computers)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.37.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Simple Adblock (HKLM-x32\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0012 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0007 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.21 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
WhoCrashed 5.52 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
WMV9/VC-1 Video Playback (HKLM\...\{ADF96813-AFAD-7A71-402D-2D2795401B9E}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => Layout.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007ED8B7-2809-41E9-BE24-0CC60F58F7F0} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {0357DFC0-D920-45BE-9AC8-20165FA31304} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {05D6E3E1-D64E-47A4-8C99-78A1468C1442} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {08F83415-4D05-4898-AB70-2F7B59139E26} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {0B9417D5-04E7-4E5B-8BC6-B07526057782} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D244588-1989-41A5-A056-6DCECFCE8E3B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {11F0BB47-B98B-47DD-B8DA-E8728578C533} - System32\Tasks\{B8C8DC05-D942-4CCA-9500-6C7D74AEEDC0} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\h1100165.exe -d C:\Users\Gary\Downloads
Task: {19341595-F197-4587-9C66-E60B2E87B1CB} - System32\Tasks\{CA8DD57D-1216-49C1-BAA8-BC03908E6419} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {1AAF2DCA-DEBA-4173-85C7-BCB2F788F47C} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {1AAF2DCA-DEBA-4173-85C7-BCB2F788F47C} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics"
Task: {1C27777A-A8B9-4473-8ED0-45B0BECB7B48} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1E73D510-B1EB-4EFA-A902-92C51FDE13A7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {208AFA7F-0328-450E-B964-73762F41CEC3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {21084ABA-7705-4A92-B561-F86304C518D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {270EBD83-16F2-4C1D-962B-8423F7311571} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {270EBD83-16F2-4C1D-962B-8423F7311571} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics"
Task: {2C5C1AB8-3098-459B-A3C5-385541582A95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2C9B174B-F3E9-4A55-8AAA-C20BFF7B7CBE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E918E79-D38F-4A77-809A-3A59B26E51D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {32FE2A94-AADA-44EE-A329-A421C3AC6F5B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {32FE2A94-AADA-44EE-A329-A421C3AC6F5B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics"
Task: {3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} - \DriverToolkit Autorun -> No File <==== ATTENTION
Task: {3479A395-31D9-4A61-8358-2C516EC97F4A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3745F225-4A4E-4FC0-9B09-DEA4206361F1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {3745F225-4A4E-4FC0-9B09-DEA4206361F1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics"
Task: {3C006EC0-F53D-4EBC-8263-10A63BC126F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {411182A2-CC43-413F-BCD6-2F3E01FDCDAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {44355577-D715-4F4C-A40C-6F897E8F1BEB} - System32\Tasks\{22A8C708-0AEE-48AD-9762-07C92BBEDF46} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {4A26B70A-7C14-4A3E-9984-83C10E405262} - System32\Tasks\{674AE313-2F92-49E2-8E62-817F62D2DAC3} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\sp39534.exe -d C:\Users\Gary\Downloads
Task: {4A5E68B0-90E7-4AA2-93A6-66A6B492E604} - System32\Tasks\{DB4AB491-93EF-4ECB-8886-400360145FDD} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {5623215E-DA57-42F4-8ED2-6EBEC52FB41F} - System32\Tasks\{7AB3CB3B-92FA-42F7-B9EB-AC59CDFE9AD0} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {56BBEC19-A6AF-4679-A52D-F4663AF8C1CC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {56BE7ED6-7246-43D2-996F-6AE1913FE591} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5BD8CD01-A5CF-4049-B927-1AF0C3006D76} - System32\Tasks\{28732AC3-6D3D-4C63-BB16-B0985D3FA390} => C:\Program Files (x86)\Everything\Everything.exe [2009-03-12] ()
Task: {5C0FC2F0-1094-4C34-9E10-88A9E5623B61} - System32\Tasks\{A2D0D853-65BE-4435-9C98-7F6A6713DC9B} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Documents\startuplite-setup-1.07.exe -d C:\Users\Gary\Documents
Task: {60B046DA-9B58-4D49-AE3C-C3D897AA1F5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {60F6761A-20D7-42A2-A179-036E67F2E537} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61F49CB9-E959-4BB8-8361-9742D357E1F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6981D3E8-4007-4E33-B32B-56DC2C7912A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6E637828-115F-49A1-9696-57B0531DFE2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {72B0329F-B37F-4872-A79B-BA7E468EF197} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {78519CA9-EF0B-4887-A86F-41B2A37E4687} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {7989C00E-9B31-4E6A-848E-69010C126337} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A8E1A0F-576E-416F-928F-1AA2CA38B906} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8572C731-EC9F-4003-BD75-65ACBCD11940} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {88F31520-A037-4859-B29E-86B336F8D63B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {88F31520-A037-4859-B29E-86B336F8D63B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics"
Task: {8BBC0164-7E1B-407A-8A4F-E1BB7FAB840A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {8CF4DCF5-3877-4B23-97DB-259D9DA4B2EC} - System32\Tasks\{4F97251C-13CB-441A-8F32-4B3B52E010A4} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HP Photosmart 7510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9584079B-F2DC-4067-B7C1-DE2B4D4FC65E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {980BE2C9-8B46-452C-A029-99B13C5D9C39} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {980BE2C9-8B46-452C-A029-99B13C5D9C39} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics"
Task: {9C677C12-08BD-48E1-9EA3-1CE0DEFE23B1} - System32\Tasks\{4D8AFD95-72DE-4EB0-B9AB-D864CF243669} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {A505A8CF-9F15-4ECC-B897-BEBF8BBA9626} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB0E654D-0CE3-42D7-A82C-5CF02EA09BDE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AC076ED2-8703-4B0E-A051-F6C72BCEE410} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3F7B148-F254-45B6-8091-EB0A0AB09D61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B5071C2A-CC83-44AB-B458-8E4FC50FD8D4} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {B5071C2A-CC83-44AB-B458-8E4FC50FD8D4} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics"
Task: {B962D4A1-0DC4-400A-A804-EFBB312217C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BD77550A-B697-4721-BE48-53E140250CEA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BF6FCD7A-1B5A-413D-8369-D88B15A4E8CF} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkId=116866
Task: {C0793A9C-27F1-46E2-8F25-DF5C95B6C95D} - System32\Tasks\S-1-5-21-3942731526-1549951770-3740554991-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {C12CF340-8269-4DA6-B420-7074B33ADA72} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {C378A690-9183-456C-BBD4-095626A84B9E} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {C378A690-9183-456C-BBD4-095626A84B9E} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics"
Task: {C46DE4BE-BC77-484A-BCE5-F6E788CDEBC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-10] (Microsoft Corporation)
Task: {D7B09082-A0BC-46A2-B8EF-B25C07AD3288} - System32\Tasks\{E27305A3-3D67-455A-8EE4-B2BA875BFEA8} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\TOSHIBA\TOSAPINS\Install.exe" -d "C:\Program Files\TOSHIBA\TOSAPINS"
Task: {D94C3DDE-BA73-4F72-8585-2903492D8939} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA793F80-591F-45BE-8E91-FC6402EF8BA6} - System32\Tasks\HPCustPartic.exe_{D81A7C3A-72D9-49DD-887E-EB791438ADDC} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DDAD48D8-7797-4EB0-ADF2-F4C7E15C0C03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E11C9C11-FF79-4C0E-92A8-92772B08D684} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E45BF126-999F-4A48-94DF-34012A4EB781} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E4E7D6A4-B877-4DF4-B23F-98B27260D919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ECBC31B2-69B7-413A-AA53-01F493308882} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ECFCA40A-A042-4336-81AB-B98084AEEEAD} - System32\Tasks\{6916640E-4285-4EF9-BB23-B3A4CD4A369E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20] (Skype Technologies S.A.)
Task: {EF668BC5-A473-45E5-BAD4-BDBAC874F73A} - System32\Tasks\hpUrlLauncher.exe_{B3FA9662-64A8-451C-906B-878A3124103B} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F0C21C28-7D3E-4695-9127-7B362A99A2EB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0C66D6D-99C9-49C7-A963-76F089D5E3C8} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {F0C66D6D-99C9-49C7-A963-76F089D5E3C8} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics"
Task: {F929EC93-EAA0-4343-B956-C0C77D62F824} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F98A8EAF-BF4C-4D06-8741-2D1892CF5DF1} - System32\Tasks\{A3A9F015-55A3-41CB-9987-CC71BF0278F2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20] (Skype Technologies S.A.)
Task: {F9D2067B-95CB-4932-8274-B51B8CA3DC14} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {F9EFAB7C-F87F-4F48-BB41-153DCDE6B2FD} - System32\Tasks\Microsoft Security Essentials => Custom [Argument = Handler]
Task: {FE159A3A-E87F-4048-B534-28953FEA5970} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FF0D1689-34A2-4A53-9D02-3061FDB52EC5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

 

[holdum323]

I tried to divide it in half. Hopefully here's the other half. Let me know if you need more and I'll try to provide it.
ShortcutWithArgument: C:\Users\Gary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2011-10-24 15:44 - 2010-09-09 18:26 - 000162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2015-08-21 21:09 - 2015-08-21 21:09 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-30 15:07 - 2017-10-30 15:07 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-10-30 15:07 - 2017-10-30 15:07 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-13 20:56 - 2017-09-13 20:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-03 06:50 - 2017-11-03 06:50 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.exe
2017-11-03 06:50 - 2017-11-03 06:50 - 033914368 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-09-26 03:53 - 2017-09-26 03:53 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-07-29 22:48 - 2016-07-29 22:48 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2017-11-04 04:51 - 2017-11-04 04:51 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
2017-11-04 04:51 - 2017-11-04 04:51 - 006285824 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll
2017-10-30 15:06 - 2017-10-30 15:07 - 002361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50301.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2009-03-12 19:18 - 2009-03-12 19:18 - 000602624 _____ () C:\Program Files (x86)\Everything\Everything.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-09-11 14:42 - 000000021 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "ToshibaServiceStation"
HKLM\...\StartupApproved\Run32: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{854F270D-F5AA-4725-A353-625E23E893D1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{0F6C7414-3DBF-4D62-B7A9-C9788B05FFB7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2A3CB666-BA9D-429A-93EC-E4B26B4063B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F42AE726-A30E-46C0-B1D8-44E1B8195229}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe
FirewallRules: [{1CBADB12-D2A7-40BF-9B09-759C36B68C16}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe
FirewallRules: [{D230FD91-10DB-44D1-914A-5691B1E60AAC}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe
FirewallRules: [{CD2C7253-0B1B-48EF-AE46-2F581390E72D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe
FirewallRules: [{FC7B26FF-AECB-441A-A8F2-DD1485C275E3}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe
FirewallRules: [{E6A63ED7-EC30-4232-96B2-ED19E5265FF9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe
FirewallRules: [{64C6D25F-E396-49A9-BFAF-1A2C2A24EA1B}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe
FirewallRules: [{71AD69F5-51E1-4E7D-A201-F2F6DC38392D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe
FirewallRules: [{FF523DCD-12A7-4F96-A73A-1D03FAF7D414}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe
FirewallRules: [{90935298-1667-42AC-8301-1BB57419A637}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe
FirewallRules: [{CFF65427-74A5-4DEA-8687-C114C22525A9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe
FirewallRules: [{2B6078FE-49F1-4B22-9369-6F8E038C57FF}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe
FirewallRules: [{46B88164-D79A-46D0-A41D-EC0634691104}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe
FirewallRules: [{58D2A63F-8631-429C-B68F-C2B66EF94012}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe
FirewallRules: [{31E7C943-F79C-4140-B9FE-70440AD7B544}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe
FirewallRules: [{60D1251C-DE28-4F3C-8BE0-8A59DE94F41F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe
FirewallRules: [{8008B895-4254-41D0-82BF-E636F0ADC5B4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe
FirewallRules: [{3BE70632-CE31-43E2-9FD0-D8CDC9BB1524}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe
FirewallRules: [{3CD238DD-8F5A-42E6-B52F-68B4E18B6DC6}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe
FirewallRules: [{FE25941A-FF80-44B5-A6CB-296529964637}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe
FirewallRules: [{DA5B64CB-F076-482E-AA4D-FFD160198F75}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe
FirewallRules: [{D2CF04E5-5760-4708-A81D-005C1D4AB5D6}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe
FirewallRules: [{E7DB9C1C-C561-4C9A-A749-237A14B9254D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{83C62AB2-3C3A-4784-8787-20316DA2C934}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{72F83AFA-FB34-4689-ACF6-E8D28E338CE4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe
FirewallRules: [{8F8073F5-32DD-435C-8A51-12B116EC444F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe
FirewallRules: [{24D0C5A5-5A4E-4B4D-9FBF-DA6ED4A75209}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe
FirewallRules: [{0722E6BB-ED27-49BD-B0B4-EBF783EAED62}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe
FirewallRules: [{69149DE4-96DF-4294-A574-5DCABD373BFD}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe
FirewallRules: [{683A6EE7-DD64-442B-BCAD-C4C1182C622A}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe
FirewallRules: [{30A8E4DC-E68C-422D-9660-A51F2E17BD68}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe
FirewallRules: [{0BE78E34-6C77-4709-9C71-2EA25378E2B4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe
FirewallRules: [{3BF166A6-E66A-4B17-8439-78620CD6EBA8}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe
FirewallRules: [{42C8072B-9F1A-495C-A657-D3C942B7D2EE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe
FirewallRules: [{9FDBACB4-70A0-4E39-A8AA-06E03DD24567}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe
FirewallRules: [{FA9AC3B6-E3A8-47B9-BDC0-69F2D4C28882}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe
FirewallRules: [{9713C405-E7EB-4B9F-9385-0CCFCF26F2AA}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe
FirewallRules: [{ADECAE84-7C53-4589-AF2C-BC5941519514}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe
FirewallRules: [{FF3E0CA5-2B09-4F04-9FA8-C63E78D28A12}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe
FirewallRules: [{73D5AA13-98F3-4E0C-A403-33CD5E088874}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe
FirewallRules: [{2DE380AB-AE1C-4F09-863D-95BC85DEA3D2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{15C22D3D-9569-49AA-BA2B-D87BB5D00E7A}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{508F0897-B59E-464E-88AB-9CC815EC7E5E}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{69788CE5-0324-4479-9D6E-3ED1C43F3A3A}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{0F8C931A-297A-4F33-AF86-A78B6E13873D}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{D770F4B0-6370-49C0-B469-9DBD6928B651}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E6A61CED-D5B1-4AF1-96F1-2A3E7DFADE2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{895A996C-C779-46D2-AD75-DBB3C70BD3B8}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{367FF8E2-94CF-4ABE-8BE6-945820E354CB}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7C8B94F0-1539-42AA-8C7D-2CBA48829D25}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe
FirewallRules: [{BFA2EABB-9324-4CAC-BDB2-A9C82A0C86DD}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe
FirewallRules: [{8B00A111-1CA3-4E9B-9362-0DE31A75790C}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe
FirewallRules: [{26626B35-1330-4311-A655-485E6036B95F}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe
FirewallRules: [{4978D553-3CAD-4668-9CEA-2D255411B3AB}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe
FirewallRules: [{A64478D2-D8CE-4468-AF76-6B37FE051555}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe
FirewallRules: [{85EFF196-5D10-4995-B5AA-72A31F7CCB91}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe
FirewallRules: [{A4E72EA7-7E53-494F-BD0F-12773448951D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe
FirewallRules: [{4721E3AD-1518-4A25-BEA1-6F892E71F30E}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe
FirewallRules: [{A2303EFF-B823-4D9B-B6F2-99DA00537225}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe
FirewallRules: [{E417FE99-A3C9-4267-A578-5052F2188E52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9309DCBE-AC86-4116-93A6-CEC8495815D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7D07BAAE-1DAC-4E41-9C2E-F5607EF91465}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe
FirewallRules: [{E7156693-00B2-4649-8595-C59D49BEE07E}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe
FirewallRules: [{9F3288B7-2D1B-446E-8BA2-F435207FBCFE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe
FirewallRules: [{6B88CE27-C257-4D8E-95D9-50B1B89BB9D9}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe
FirewallRules: [{3112EEB6-1BE4-4C81-9DB8-1F06477BAC60}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F3650C9C-7793-4115-AA31-E8CD1E4F2FED}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{554FC8CD-2F6F-4F56-B790-78EA607A4AF9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A42F4AE4-C00C-4192-8B5A-7EFC57B29781}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe
FirewallRules: [{423D67C3-B903-4FDB-88C8-1874B8C8E8E4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe
FirewallRules: [{0F802E57-6BE2-46D7-874B-F0AC06052BE0}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe
FirewallRules: [{5A35D7A4-95A1-474A-809A-C325BD66C89B}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe
FirewallRules: [{0EC904C6-E1B7-4397-9013-5C288D85E0DE}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe
FirewallRules: [{EE58BCEB-BAA5-4C34-B868-9FE9C89AF9D4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{CC7BF960-9340-49DF-BA87-1F66125EEEE3}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{3BCC8E98-75DD-49E7-B1C1-BED58A9D84D2}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{4455D91E-3267-43AB-A90F-D92163F40D04}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe
FirewallRules: [{118F675C-D5FC-4619-BF27-02FC56BCDB22}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe
FirewallRules: [{D82F7663-0A71-4E30-BD82-3F7965842119}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{6D282163-FC79-42CC-B07B-BEE32A293023}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe
FirewallRules: [{ADB37591-2082-4FA7-96D4-94C000DAC856}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe
FirewallRules: [{6E23163F-C0AA-4F63-ABD7-42C84ED97926}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe
FirewallRules: [{1F2A5ED3-65EC-438F-A9C0-DFFA413FC5E4}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe
FirewallRules: [{FA4C3909-D9D0-4003-9F58-148D11A906F7}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe
FirewallRules: [{987F5D3A-73A8-4998-91AA-2A58564F0AA4}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

18-10-2017 00:36:55 Windows Update
27-10-2017 02:51:53 Scheduled Checkpoint
01-11-2017 22:55:55 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (10/17/2017 10:48:40 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:41:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3748,R,0) TILEREPOSITORYS-1-5-82-3006700770-424185619-1745488364-794895919-4004696415: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\DefaultAppPool\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:40:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4528,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:39:31 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:39:30 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:39:29 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:24:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\AMD\WU-CCC2\ccc2_install\VC12RTx64\vcredist_x64.exe /q /norestart; Description = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727; Error = 0x80042302).

Error: (10/17/2017 10:24:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server


System errors:
=============
Error: (11/05/2017 08:22:35 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 10:51:07 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 10:51:07 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 09:13:16 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 09:07:29 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2017 07:39:29 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 10:54:50 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 10:54:50 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2017 07:43:38 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/02/2017 03:23:53 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-10-29 20:09:35.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:34.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:30.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:29.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:05.561
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:05.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:53:57.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:53:57.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 5610.12 MB
Available physical RAM: 2223.46 MB
Total Virtual: 6326.46 MB
Available Virtual: 2086.62 MB

==================== Drives ================================

Drive c: (TI106164W0D) (Fixed) (Total:463.49 GB) (Free:414.69 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 81A4963E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818 MB) - (Type=27)

==================== End of Addition.txt ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[holdum323]

Hi @Broni As usual I have no idea what I'm doing I ran RogueKiller. It ran for over a hour. It found 70 items and I think they were removed?? This is what it found. 69 of them were Registry items. Let me know If I messed up. I'll do the other scans and post them.
RogueKiller V12.11.23.0 (x64) [Nov 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Gary [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/06/2017 22:23:33 (Duration : 01:05:22)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 69 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.toshiba.com -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F42AE726-A30E-46C0-B1D8-44E1B8195229} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1CBADB12-D2A7-40BF-9B09-759C36B68C16} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS633A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D230FD91-10DB-44D1-914A-5691B1E60AAC} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CD2C7253-0B1B-48EF-AE46-2F581390E72D} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS04EC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FC7B26FF-AECB-441A-A8F2-DD1485C275E3} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E6A63ED7-EC30-4232-96B2-ED19E5265FF9} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0A25\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {64C6D25F-E396-49A9-BFAF-1A2C2A24EA1B} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {71AD69F5-51E1-4E7D-A201-F2F6DC38392D} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS7C13\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FF523DCD-12A7-4F96-A73A-1D03FAF7D414} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {90935298-1667-42AC-8301-1BB57419A637} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS76E2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CFF65427-74A5-4DEA-8687-C114C22525A9} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2B6078FE-49F1-4B22-9369-6F8E038C57FF} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1D9D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {46B88164-D79A-46D0-A41D-EC0634691104} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {58D2A63F-8631-429C-B68F-C2B66EF94012} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS185F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {31E7C943-F79C-4140-B9FE-70440AD7B544} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60D1251C-DE28-4F3C-8BE0-8A59DE94F41F} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS63C5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8008B895-4254-41D0-82BF-E636F0ADC5B4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3BE70632-CE31-43E2-9FD0-D8CDC9BB1524} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS57EB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3CD238DD-8F5A-42E6-B52F-68B4E18B6DC6} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FE25941A-FF80-44B5-A6CB-296529964637} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS331A\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DA5B64CB-F076-482E-AA4D-FFD160198F75} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D2CF04E5-5760-4708-A81D-005C1D4AB5D6} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0B2D\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E7DB9C1C-C561-4C9A-A749-237A14B9254D} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83C62AB2-3C3A-4784-8787-20316DA2C934} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {72F83AFA-FB34-4689-ACF6-E8D28E338CE4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8F8073F5-32DD-435C-8A51-12B116EC444F} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0D4A\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {24D0C5A5-5A4E-4B4D-9FBF-DA6ED4A75209} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0722E6BB-ED27-49BD-B0B4-EBF783EAED62} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS0AC4\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {69149DE4-96DF-4294-A574-5DCABD373BFD} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {683A6EE7-DD64-442B-BCAD-C4C1182C622A} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS71B9\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30A8E4DC-E68C-422D-9660-A51F2E17BD68} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0BE78E34-6C77-4709-9C71-2EA25378E2B4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS28AF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3BF166A6-E66A-4B17-8439-78620CD6EBA8} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {42C8072B-9F1A-495C-A657-D3C942B7D2EE} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS62FF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9FDBACB4-70A0-4E39-A8AA-06E03DD24567} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FA9AC3B6-E3A8-47B9-BDC0-69F2D4C28882} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS58BA\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9713C405-E7EB-4B9F-9385-0CCFCF26F2AA} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ADECAE84-7C53-4589-AF2C-BC5941519514} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2678\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FF3E0CA5-2B09-4F04-9FA8-C63E78D28A12} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {73D5AA13-98F3-4E0C-A403-33CD5E088874} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1715\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7C8B94F0-1539-42AA-8C7D-2CBA48829D25} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BFA2EABB-9324-4CAC-BDB2-A9C82A0C86DD} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS34F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8B00A111-1CA3-4E9B-9362-0DE31A75790C} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26626B35-1330-4311-A655-485E6036B95F} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1030\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4978D553-3CAD-4668-9CEA-2D255411B3AB} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A64478D2-D8CE-4468-AF76-6B37FE051555} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1173\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {85EFF196-5D10-4995-B5AA-72A31F7CCB91} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A4E72EA7-7E53-494F-BD0F-12773448951D} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS7AE8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4721E3AD-1518-4A25-BEA1-6F892E71F30E} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A2303EFF-B823-4D9B-B6F2-99DA00537225} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS5AFB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D07BAAE-1DAC-4E41-9C2E-F5607EF91465} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E7156693-00B2-4649-8595-C59D49BEE07E} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS1975\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F3288B7-2D1B-446E-8BA2-F435207FBCFE} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6B88CE27-C257-4D8E-95D9-50B1B89BB9D9} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS219F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A42F4AE4-C00C-4192-8B5A-7EFC57B29781} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {423D67C3-B903-4FDB-88C8-1874B8C8E8E4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2A33\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F802E57-6BE2-46D7-874B-F0AC06052BE0} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5A35D7A4-95A1-474A-809A-C325BD66C89B} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2EB4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0EC904C6-E1B7-4397-9013-5C288D85E0DE} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE58BCEB-BAA5-4C34-B868-9FE9C89AF9D4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS32BC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4455D91E-3267-43AB-A90F-D92163F40D04} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {118F675C-D5FC-4619-BF27-02FC56BCDB22} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS2700\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D82F7663-0A71-4E30-BD82-3F7965842119} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D282163-FC79-42CC-B07B-BEE32A293023} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS74CD\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ADB37591-2082-4FA7-96D4-94C000DAC856} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6E23163F-C0AA-4F63-ABD7-42C84ED97926} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1F2A5ED3-65EC-438F-A9C0-DFFA413FC5E4} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FA4C3909-D9D0-4003-9F58-148D11A906F7} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Gary\AppData\Local\Temp\7zS4E4C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Tific][Folder] C:\Users\Gary\AppData\Roaming\Tific -> Deleted
[PUP.Tific][File] C:\Users\Gary\AppData\Roaming\Tific\Environment.tfc -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 5e3087f449bac72ca0c87bab88f26d2a
[BSP] 053dca83385b5105388688b53d624d3f : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 474617 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975091712 | Size: 818 MB
User = LL1 ... OK
User = LL2 ... OK

 

[holdum323]

Here's Adwcleaner log.
# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 05:50:24 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-06-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1330 B] - [2017/11/6 4:12:59]
C:/AdwCleaner/AdwCleaner[S0].txt - [1213 B] - [2017/11/6 4:9:43]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

[holdum323]

OK! I hope you have all you need. Here's MBAM scan. I have the Premium version and I run it in real time with Windows Defender. I t scans daily.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/6/17
Scan Time: 11:54 PM
Log File: 24ffa00e-c380-11e7-9bc7-38607736156c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3194
License: Premium

-System Information-
OS: Windows 10 (Build 16299.19)
CPU: x64
File System: NTFS
User: GARY-PC\Gary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422134
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 14 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)