Inactive Website Blocked

Hi @Broni ;) I bet you'll be glad to get rid of me. I ran RogueKiller again. This time I selected all 69 registry entries and deleted them. Here's a screen shot. Hopefully I got my head out of my behind and done this right.
Capture26.JPG
 
You shouldn't have selected anything that wasn't pre-checked, but... too late.
You should be OK.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Gary (administrator) on GARY-PC (07-11-2017 19:21:08)
Running from C:\Users\Gary\Downloads
Loaded Profiles: Gary (Available Profiles: Gary & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.19 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-03-20] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\RunOnce: [Uninstall 17.3.7074.1023\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\RunOnce: [Uninstall 17.3.7074.1023] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.7074.1023"
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk [2017-03-12]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2017-06-28]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{d4e9f94b-6c9a-40b9-bc36-0a68afafa088}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{d523adc0-9e32-424a-82f5-987648328c62}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{e982eb49-3b33-45ab-8556-fb0024d1a300}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> DefaultScope {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {4D30FB0D-DEA1-4AFD-B4E3-3DF95AEC27E0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> DefaultScope {B4288A11-C9B8-4AC1-86C9-457280A60AC5} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> DD356F92596C4A92A30B5508B958705E URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {615EE365-E54B-4D13-A817-AB1429DFB34C} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {B4288A11-C9B8-4AC1-86C9-457280A60AC5} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> {BB660FD4-3372-4B84-9C8D-9E266C95477C} URL = hxxps://www.flickr.com/search/?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll => No File
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll No File
Toolbar: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1479323368619
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-03-15] (Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll No File

FireFox:
========
FF DefaultProfile: 4x13xd3n.default-1490672475513-1506989525317
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\6jzgq59z.default-1505954497758 [2017-11-05]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317 [2017-11-07]
FF Homepage: Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317 -> hxxps://www.google.com/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-11]
FF Extension: (__MSG_appName__) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-23]
FF Extension: (Adblock Plus) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4x13xd3n.default-1490672475513-1506989525317\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-06]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3942731526-1549951770-3740554991-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-04-25] (Google)
FF Plugin HKU\S-1-5-21-3942731526-1549951770-3740554991-1000: @talk.google.com/O1DPlugin -> C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-04-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gary\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-04-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gary\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-04-25] (Google)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-31]
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-06]
CHR Extension: (Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-06]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-06]
CHR Extension: (Sheets) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-16] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-07] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 1999-12-31] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [15968 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-09] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-07] (Malwarebytes)
R1 MpKsl01c1f143; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42D8B9A9-2C35-4086-8935-DD4C7B788372}\MpKsl01c1f143.sys [58120 2017-11-07] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 1999-12-31] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-10-02] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 10:01 - 2017-11-07 10:01 - 000000000 ___HD C:\OneDriveTemp
2017-11-07 00:10 - 2017-11-07 00:10 - 000001237 _____ C:\Users\Gary\Desktop\MBAM4.txt
2017-11-06 22:23 - 2017-11-07 00:48 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-06 22:22 - 2017-11-07 00:47 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-06 22:22 - 2017-11-07 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-06 22:22 - 2017-11-07 00:47 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-06 22:22 - 2017-11-06 23:35 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-06 22:19 - 2017-11-06 22:19 - 036135784 _____ (Adlice Software ) C:\Users\Gary\Downloads\RogueKiller_setup_ref3.exe
2017-11-05 22:05 - 2017-11-06 23:50 - 000000000 ____D C:\AdwCleaner
2017-11-05 22:04 - 2017-11-05 22:05 - 008261584 _____ (Malwarebytes) C:\Users\Gary\Downloads\adwcleaner_7.0.4.0.exe
2017-11-05 19:51 - 2017-11-05 19:52 - 000067552 _____ C:\Users\Gary\Downloads\Addition.txt
2017-11-05 19:49 - 2017-11-07 19:21 - 000021559 _____ C:\Users\Gary\Downloads\FRST.txt
2017-11-05 19:48 - 2017-11-07 19:21 - 000000000 ____D C:\FRST
2017-11-05 19:48 - 2017-11-05 19:48 - 000001036 _____ C:\Users\Gary\Desktop\FRST64 - Shortcut.lnk
2017-11-05 19:47 - 2017-11-05 19:49 - 002403328 _____ (Farbar) C:\Users\Gary\Downloads\FRST64.exe
2017-11-05 19:06 - 2017-11-05 19:06 - 000000671 _____ C:\Users\Gary\Desktop\MBAM2.txt
2017-11-05 19:06 - 2017-11-05 19:06 - 000000667 _____ C:\Users\Gary\Desktop\MBAM 3.txt
2017-11-05 15:56 - 2017-11-05 15:56 - 000000659 _____ C:\Users\Gary\Desktop\MBAM.txt
2017-10-31 08:07 - 2017-10-31 08:07 - 000000000 ____D C:\WINDOWS\Panther
2017-10-29 16:32 - 2017-10-29 18:51 - 000003564 _____ C:\Users\Gary\ipconfig.txt
2017-10-29 16:29 - 2017-10-29 18:13 - 000003564 _____ C:\WINDOWS\system32\ipconfig.txt
2017-10-29 16:27 - 2017-10-29 21:25 - 000003564 _____ C:\Users\Gary\myTcp.txt
2017-10-29 09:30 - 2017-10-29 17:54 - 000003564 _____ C:\WINDOWS\system32\myTcp.txt
2017-10-26 23:06 - 2017-10-26 23:06 - 018617536 _____ (Microsoft Corporation) C:\Users\Gary\Downloads\MediaCreationTool(1).exe
2017-10-26 18:28 - 2017-10-26 18:28 - 000000000 ____D C:\Users\Gary\Documents\FeedbackHub
2017-10-23 19:17 - 2017-10-23 19:16 - 000503513 _____ C:\Users\Gary\Desktop\Macrium.zip
2017-10-22 21:56 - 2017-10-22 21:56 - 006541184 _____ (Microsoft Corporation) C:\Users\Gary\Downloads\Windows10Upgrade9252.exe
2017-10-17 23:00 - 2017-10-17 23:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-10-17 22:59 - 2017-10-17 22:59 - 000000000 ___HD C:\Users\Gary\MicrosoftEdgeBackups
2017-10-17 22:57 - 2017-10-17 22:57 - 000000000 ____D C:\Users\Gary\AppData\Local\PackageStaging
2017-10-17 22:55 - 2017-10-17 22:55 - 000000020 ___SH C:\Users\Gary\ntuser.ini
2017-10-17 22:50 - 2017-10-17 22:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-10-17 22:50 - 2017-10-17 22:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-10-17 22:48 - 2017-11-07 15:45 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EBCAAE08-B5B5-420E-8AC2-0C02C1866AB3}
2017-10-17 22:48 - 2017-11-07 10:01 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3942731526-1549951770-3740554991-1000
2017-10-17 22:48 - 2017-11-07 02:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-17 22:48 - 2017-10-25 07:23 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-17 22:48 - 2017-10-17 22:48 - 000003610 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA
2017-10-17 22:48 - 2017-10-17 22:48 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-17 22:48 - 2017-10-17 22:48 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-17 22:48 - 2017-10-17 22:48 - 000003338 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core
2017-10-17 22:48 - 2017-10-17 22:48 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-17 22:48 - 2017-10-17 22:48 - 000002668 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 7510 series
2017-10-17 22:48 - 2017-10-17 22:48 - 000002590 _____ C:\WINDOWS\System32\Tasks\hpUrlLauncher.exe_{B3FA9662-64A8-451C-906B-878A3124103B}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002412 _____ C:\WINDOWS\System32\Tasks\{CA8DD57D-1216-49C1-BAA8-BC03908E6419}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002364 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002338 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002336 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002322 _____ C:\WINDOWS\System32\Tasks\Microsoft Security Essentials
2017-10-17 22:48 - 2017-10-17 22:48 - 000002316 _____ C:\WINDOWS\System32\Tasks\{E27305A3-3D67-455A-8EE4-B2BA875BFEA8}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002302 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002298 _____ C:\WINDOWS\System32\Tasks\{A2D0D853-65BE-4435-9C98-7F6A6713DC9B}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002270 _____ C:\WINDOWS\System32\Tasks\{B8C8DC05-D942-4CCA-9500-6C7D74AEEDC0}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002268 _____ C:\WINDOWS\System32\Tasks\{674AE313-2F92-49E2-8E62-817F62D2DAC3}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002244 _____ C:\WINDOWS\System32\Tasks\HPCustPartic.exe_{D81A7C3A-72D9-49DD-887E-EB791438ADDC}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002224 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe
2017-10-17 22:48 - 2017-10-17 22:48 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-10-17 22:48 - 2017-10-17 22:48 - 000002176 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2017-10-17 22:48 - 2017-10-17 22:48 - 000002174 _____ C:\WINDOWS\System32\Tasks\{4F97251C-13CB-441A-8F32-4B3B52E010A4}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002132 _____ C:\WINDOWS\System32\Tasks\{4D8AFD95-72DE-4EB0-B9AB-D864CF243669}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{DB4AB491-93EF-4ECB-8886-400360145FDD}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{7AB3CB3B-92FA-42F7-B9EB-AC59CDFE9AD0}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002124 _____ C:\WINDOWS\System32\Tasks\{22A8C708-0AEE-48AD-9762-07C92BBEDF46}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002112 _____ C:\WINDOWS\System32\Tasks\{28732AC3-6D3D-4C63-BB16-B0985D3FA390}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002104 _____ C:\WINDOWS\System32\Tasks\{A3A9F015-55A3-41CB-9987-CC71BF0278F2}
2017-10-17 22:48 - 2017-10-17 22:48 - 000002104 _____ C:\WINDOWS\System32\Tasks\{6916640E-4285-4EF9-BB23-B3A4CD4A369E}
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3942731526-1549951770-3740554991-1000
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-10-17 22:48 - 2017-10-17 22:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-10-17 22:30 - 2017-10-17 22:30 - 000000000 ____D C:\ProgramData\USOShared
2017-10-17 22:29 - 2017-10-17 22:29 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-10-17 22:26 - 2017-10-17 23:15 - 000000000 ____D C:\Users\Gary\AppData\Local\Packages
2017-10-17 22:24 - 2017-10-29 18:36 - 000000000 ____D C:\Users\Gary
2017-10-17 22:24 - 2017-10-17 22:40 - 000000000 ____D C:\Users\DefaultAppPool
2017-10-17 22:24 - 2017-10-17 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Gary\AppData\Roaming\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Gary\AppData\Local\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\ATI
2017-10-17 22:24 - 2017-10-17 22:23 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\ATI
2017-10-17 22:23 - 2017-11-07 02:39 - 001076744 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default\AppData\Roaming\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default\AppData\Local\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2017-10-17 22:23 - 2017-10-17 22:23 - 000000000 ____D C:\Users\Default User\AppData\Local\ATI
2017-10-17 22:22 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-10-17 22:18 - 2017-11-07 19:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-17 22:18 - 2017-10-17 22:36 - 000235816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-17 21:37 - 2017-11-07 17:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-17 21:37 - 2017-11-07 02:35 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-17 21:37 - 2017-11-07 02:35 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-17 21:37 - 2017-11-07 02:35 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-17 21:37 - 2017-10-09 03:03 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-17 21:37 - 2017-10-09 03:02 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-17 21:36 - 2017-10-18 01:07 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-10-17 21:36 - 2017-10-17 21:36 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-10-17 21:32 - 2017-10-17 21:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-10-17 21:26 - 2017-10-17 21:26 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 023664128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 021752832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 019343360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 018913792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 017080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 008097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 006032896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 004744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 003681280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 002474080 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
 
2017-10-17 21:26 - 2017-10-17 21:26 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-17 21:26 - 2017-10-17 21:26 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 008592280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 003672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 003312432 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001633744 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001528912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-10-17 21:25 - 2017-10-17 21:25 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000045976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-17 21:25 - 2017-10-17 21:25 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-17 21:25 - 2017-10-17 21:25 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-17 21:09 - 2017-10-23 19:00 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-10-17 21:09 - 2017-10-17 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-10-17 21:09 - 2017-10-17 21:09 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files\MSBuild
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-10-17 21:08 - 2017-10-17 21:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-17 21:06 - 2017-10-17 21:06 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-10-17 21:06 - 2017-10-17 21:06 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-10-17 21:06 - 2017-10-17 21:06 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-10-17 20:42 - 2017-10-17 20:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-10-10 17:37 - 2017-10-10 17:38 - 000317432 _____ C:\Users\Gary\Downloads\WinUSB.diagcab
2017-10-10 17:02 - 2017-10-10 17:02 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 19:20 - 2016-11-18 09:28 - 000000000 ____D C:\Users\Gary\AppData\LocalLow\Mozilla
2017-11-07 10:01 - 2015-10-02 02:48 - 000002413 _____ C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 10:01 - 2015-10-02 02:48 - 000000000 __RDL C:\Users\Gary\OneDrive
2017-11-07 02:39 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-07 02:39 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-07 02:39 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-07 02:33 - 2017-09-29 02:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-06 22:28 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-05 22:29 - 2017-08-09 22:57 - 000000686 _____ C:\Users\Gary\Desktop\JRT.txt
2017-11-05 22:14 - 2012-01-09 01:35 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-05 21:57 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 18:56 - 2011-10-25 20:00 - 000000000 ____D C:\Program Files (x86)\Everything
2017-11-02 15:23 - 2017-01-31 13:55 - 000000472 _____ C:\Users\Gary\Desktop\Puzzles USA Today.website
2017-11-01 11:14 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Registration
2017-10-31 08:08 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-31 08:07 - 2017-05-19 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-31 08:07 - 2016-10-24 20:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-29 19:11 - 2016-12-05 22:54 - 000000000 ____D C:\Users\Gary\AppData\Local\ElevatedDiagnostics
2017-10-27 21:25 - 2016-04-12 19:28 - 000000000 ____D C:\Program Files\Speccy
2017-10-25 07:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 07:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 21:57 - 2017-08-08 15:53 - 000000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-10-22 21:57 - 2017-08-08 15:53 - 000000730 _____ C:\Users\Gary\Desktop\Windows 10 Update Assistant.lnk
2017-10-22 21:57 - 2017-04-08 14:28 - 000000000 ____D C:\Windows10Upgrade
2017-10-21 00:53 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2017-10-19 19:16 - 2011-12-07 13:26 - 000007591 ____H C:\Users\Gary\AppData\Local\resmon.resmoncfg
2017-10-18 02:42 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-10-18 01:17 - 2017-09-29 07:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-10-18 01:07 - 2017-10-02 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-18 01:07 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-10-18 01:07 - 2017-09-29 07:49 - 000000000 ____D C:\WINDOWS\Setup
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\IME
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\schemas
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-18 01:07 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-18 01:07 - 2017-05-30 17:39 - 000000000 ____D C:\Program Files\Intel
2017-10-18 01:07 - 2017-04-08 16:04 - 000000000 ____D C:\Program Files\AMD
2017-10-18 01:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-10-18 01:07 - 2017-01-16 02:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-10-18 01:07 - 2016-08-03 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2017-10-18 01:07 - 2016-07-30 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-18 01:07 - 2016-07-30 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-10-18 01:07 - 2015-11-09 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2017-10-18 01:07 - 2015-05-26 23:26 - 000000000 ____D C:\WINDOWS\en
2017-10-18 01:07 - 2015-03-20 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2017-10-18 01:07 - 2015-03-10 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2017-10-18 01:07 - 2015-03-09 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-10-18 01:07 - 2014-04-26 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2017-10-18 01:07 - 2014-01-02 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot CPU Tester Pro 4 LE
2017-10-18 01:07 - 2013-08-27 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-18 01:07 - 2012-12-19 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-10-18 01:07 - 2012-04-28 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-10-18 01:07 - 2012-02-20 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
2017-10-18 01:07 - 2012-01-24 03:04 - 000000000 ____D C:\Program Files\IIS
2017-10-18 01:07 - 2012-01-17 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2017-10-18 01:07 - 2012-01-01 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-10-18 01:07 - 2011-10-26 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2017-10-18 01:07 - 2011-10-24 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
2017-10-18 01:07 - 2011-10-24 15:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-10-18 01:07 - 2011-04-27 21:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-10-18 01:07 - 2011-04-27 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba
2017-10-18 01:07 - 2009-07-13 23:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-18 01:07 - 2009-07-13 21:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-17 22:57 - 2016-08-25 03:01 - 000000000 ___HD C:\Users\Gary\AppData\Local\ConnectedDevicesPlatform
2017-10-17 22:57 - 2015-10-02 02:42 - 000000000 ____D C:\Users\Gary\AppData\Local\TileDataLayer
2017-10-17 22:56 - 2016-02-13 07:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-17 22:56 - 2015-10-02 16:47 - 000000000 ___RD C:\Users\Gary\3D Objects
2017-10-17 22:52 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-17 22:48 - 2017-09-29 07:46 - 000000000 __RSD C:\WINDOWS\media
2017-10-17 22:48 - 2015-10-02 02:39 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-10-17 22:40 - 2014-08-01 21:14 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-17 22:34 - 2017-06-28 21:19 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2017-10-17 22:34 - 2011-10-25 20:00 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-10-17 22:34 - 2011-04-27 21:25 - 000000000 ___RD C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2017-10-17 22:30 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-10-17 22:29 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-17 22:28 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-10-17 22:27 - 2017-06-17 22:09 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
2017-10-17 22:24 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files\ATI Technologies
2017-10-17 22:24 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2017-10-17 22:23 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-17 22:23 - 2017-04-08 16:07 - 000936124 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-10-17 22:22 - 2017-04-08 16:05 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-10-17 22:21 - 2016-04-12 04:15 - 000000000 ____D C:\AMD
2017-10-17 21:43 - 2017-09-29 07:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-10-17 21:37 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-17 21:37 - 2017-04-08 16:05 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-10-17 21:36 - 2017-04-08 16:06 - 000000000 ____D C:\Program Files\Synaptics
2017-10-17 21:36 - 2017-04-08 16:05 - 000000000 ____D C:\Program Files\Realtek
2017-10-17 21:36 - 2016-01-12 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-10-17 21:36 - 2015-11-07 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-10-17 21:36 - 2012-02-17 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-10-17 21:36 - 2009-07-13 23:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-10-17 21:28 - 2017-09-29 08:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-10-17 21:28 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-10-17 21:09 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-10-13 12:08 - 2017-09-29 07:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 12:08 - 2017-09-29 07:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-11 19:42 - 2017-01-17 15:22 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-10-10 17:02 - 2011-10-24 17:28 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
2012-05-25 20:20 - 2016-07-02 18:03 - 000115211 ____H () C:\Users\Gary\AppData\Local\ars.cache
2012-05-25 20:21 - 2016-07-02 18:04 - 001313225 ____H () C:\Users\Gary\AppData\Local\census.cache
2012-05-25 20:09 - 2012-05-25 20:09 - 000000036 ____H () C:\Users\Gary\AppData\Local\housecall.guid.cache
2015-08-21 22:05 - 2016-01-03 17:11 - 000039535 ____H () C:\Users\Gary\AppData\Local\Perfmon.PerfmonCfg
2011-12-07 13:26 - 2017-10-19 19:16 - 000007591 ____H () C:\Users\Gary\AppData\Local\resmon.resmoncfg
2012-05-08 19:17 - 2012-05-08 19:17 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-11-06 22:22 - 2017-09-29 07:41 - 001954048 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-07 02:30

==================== End of FRST.txt =========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Gary (07-11-2017 19:22:55)
Running from C:\Users\Gary\Downloads
Windows 10 Home Version 1709 16299.19 (X64) (2017-10-18 04:54:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3942731526-1549951770-3740554991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3942731526-1549951770-3740554991-503 - Limited - Disabled)
Gary (S-1-5-21-3942731526-1549951770-3740554991-1000 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-3942731526-1549951770-3740554991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3942731526-1549951770-3740554991-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3942731526-1549951770-3740554991-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{9F455BA4-BAFB-AE04-2537-1CFC94FE400A}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debug Diagnostics 2 Update 2 (HKLM\...\{7A94F4D3-AC7B-48EB-866E-BBA62AEFFA4B}) (Version: 2.2.0.13 - Microsoft Corporation)
EaseUS Partition Master 10.8 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
Google Chrome (HKLM-x32\...\{224B61E6-7E54-3DBA-872B-CCE85072D44D}) (Version: 61.0.3163.100 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hot CPU Tester Pro 4.4.1 (HKLM-x32\...\{5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1) (Version: 4.4 LE - 7Byte Computers)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.37.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RogueKiller version 12.11.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.23.0 - Adlice Software)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Simple Adblock (HKLM-x32\...\{A9A75A7F-4785-430D-8013-77BC1FD13A4C}) (Version: 1.1.5 - Simple Adblock)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0012 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0007 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.10.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.21 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TreeSize Free V3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3 - JAM Software)
WhoCrashed 5.52 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
WMV9/VC-1 Video Playback (HKLM\...\{ADF96813-AFAD-7A71-402D-2D2795401B9E}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => Layout.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007ED8B7-2809-41E9-BE24-0CC60F58F7F0} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {0357DFC0-D920-45BE-9AC8-20165FA31304} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {05D6E3E1-D64E-47A4-8C99-78A1468C1442} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {08F83415-4D05-4898-AB70-2F7B59139E26} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {0B9417D5-04E7-4E5B-8BC6-B07526057782} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D244588-1989-41A5-A056-6DCECFCE8E3B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {11F0BB47-B98B-47DD-B8DA-E8728578C533} - System32\Tasks\{B8C8DC05-D942-4CCA-9500-6C7D74AEEDC0} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\h1100165.exe -d C:\Users\Gary\Downloads
Task: {19341595-F197-4587-9C66-E60B2E87B1CB} - System32\Tasks\{CA8DD57D-1216-49C1-BAA8-BC03908E6419} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {1AAF2DCA-DEBA-4173-85C7-BCB2F788F47C} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {1AAF2DCA-DEBA-4173-85C7-BCB2F788F47C} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3671AF20-CE3D-4B94-A7CE-2E11101DE99F}_System Diagnostics"
Task: {1C27777A-A8B9-4473-8ED0-45B0BECB7B48} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1E73D510-B1EB-4EFA-A902-92C51FDE13A7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {208AFA7F-0328-450E-B964-73762F41CEC3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {21084ABA-7705-4A92-B561-F86304C518D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {270EBD83-16F2-4C1D-962B-8423F7311571} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {270EBD83-16F2-4C1D-962B-8423F7311571} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{6867483B-C089-4C8D-A1C7-2DA4AF71C683}_System Diagnostics"
Task: {2C5C1AB8-3098-459B-A3C5-385541582A95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2C9B174B-F3E9-4A55-8AAA-C20BFF7B7CBE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E918E79-D38F-4A77-809A-3A59B26E51D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {32FE2A94-AADA-44EE-A329-A421C3AC6F5B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {32FE2A94-AADA-44EE-A329-A421C3AC6F5B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{2130C6DC-6554-42D8-A4D3-42AC48E618CB}_System Diagnostics"
Task: {3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} - \DriverToolkit Autorun -> No File <==== ATTENTION
Task: {3479A395-31D9-4A61-8358-2C516EC97F4A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3745F225-4A4E-4FC0-9B09-DEA4206361F1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {3745F225-4A4E-4FC0-9B09-DEA4206361F1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{1F7F9636-AE8B-47FB-B2A8-1AB34D24FC11}_System Diagnostics"
Task: {3C006EC0-F53D-4EBC-8263-10A63BC126F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {411182A2-CC43-413F-BCD6-2F3E01FDCDAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {44355577-D715-4F4C-A40C-6F897E8F1BEB} - System32\Tasks\{22A8C708-0AEE-48AD-9762-07C92BBEDF46} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {4A26B70A-7C14-4A3E-9984-83C10E405262} - System32\Tasks\{674AE313-2F92-49E2-8E62-817F62D2DAC3} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Downloads\sp39534.exe -d C:\Users\Gary\Downloads
Task: {4A5E68B0-90E7-4AA2-93A6-66A6B492E604} - System32\Tasks\{DB4AB491-93EF-4ECB-8886-400360145FDD} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {5623215E-DA57-42F4-8ED2-6EBEC52FB41F} - System32\Tasks\{7AB3CB3B-92FA-42F7-B9EB-AC59CDFE9AD0} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {56BBEC19-A6AF-4679-A52D-F4663AF8C1CC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {56BE7ED6-7246-43D2-996F-6AE1913FE591} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5BD8CD01-A5CF-4049-B927-1AF0C3006D76} - System32\Tasks\{28732AC3-6D3D-4C63-BB16-B0985D3FA390} => C:\Program Files (x86)\Everything\Everything.exe [2009-03-12] ()
Task: {5C0FC2F0-1094-4C34-9E10-88A9E5623B61} - System32\Tasks\{A2D0D853-65BE-4435-9C98-7F6A6713DC9B} => C:\windows\system32\pcalua.exe -a C:\Users\Gary\Documents\startuplite-setup-1.07.exe -d C:\Users\Gary\Documents
Task: {60B046DA-9B58-4D49-AE3C-C3D897AA1F5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {60F6761A-20D7-42A2-A179-036E67F2E537} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {61F49CB9-E959-4BB8-8361-9742D357E1F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6981D3E8-4007-4E33-B32B-56DC2C7912A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6E637828-115F-49A1-9696-57B0531DFE2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {72B0329F-B37F-4872-A79B-BA7E468EF197} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {78519CA9-EF0B-4887-A86F-41B2A37E4687} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {7989C00E-9B31-4E6A-848E-69010C126337} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A8E1A0F-576E-416F-928F-1AA2CA38B906} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8572C731-EC9F-4003-BD75-65ACBCD11940} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {88F31520-A037-4859-B29E-86B336F8D63B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {88F31520-A037-4859-B29E-86B336F8D63B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{C84695EC-D4D1-4473-A258-29C8CF30D312}_System Diagnostics"
Task: {8BBC0164-7E1B-407A-8A4F-E1BB7FAB840A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {8CF4DCF5-3877-4B23-97DB-259D9DA4B2EC} - System32\Tasks\{4F97251C-13CB-441A-8F32-4B3B52E010A4} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HP Photosmart 7510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9584079B-F2DC-4067-B7C1-DE2B4D4FC65E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {980BE2C9-8B46-452C-A029-99B13C5D9C39} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {980BE2C9-8B46-452C-A029-99B13C5D9C39} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{62AB7E0A-F578-477C-B221-1925D1201A64}_System Diagnostics"
Task: {9C677C12-08BD-48E1-9EA3-1CE0DEFE23B1} - System32\Tasks\{4D8AFD95-72DE-4EB0-B9AB-D864CF243669} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {A505A8CF-9F15-4ECC-B897-BEBF8BBA9626} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB0E654D-0CE3-42D7-A82C-5CF02EA09BDE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AC076ED2-8703-4B0E-A051-F6C72BCEE410} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3F7B148-F254-45B6-8091-EB0A0AB09D61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B5071C2A-CC83-44AB-B458-8E4FC50FD8D4} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {B5071C2A-CC83-44AB-B458-8E4FC50FD8D4} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{5AE045FE-BE0E-4442-ADDB-6C43383565DB}_System Diagnostics"
Task: {B962D4A1-0DC4-400A-A804-EFBB312217C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BD77550A-B697-4721-BE48-53E140250CEA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BF6FCD7A-1B5A-413D-8369-D88B15A4E8CF} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkId=116866
Task: {C0793A9C-27F1-46E2-8F25-DF5C95B6C95D} - System32\Tasks\S-1-5-21-3942731526-1549951770-3740554991-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {C12CF340-8269-4DA6-B420-7074B33ADA72} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {C378A690-9183-456C-BBD4-095626A84B9E} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {C378A690-9183-456C-BBD4-095626A84B9E} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{1BE32315-FC55-4A5A-9043-C58363593605}_System Diagnostics"
Task: {C46DE4BE-BC77-484A-BCE5-F6E788CDEBC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-10] (Microsoft Corporation)
Task: {D7B09082-A0BC-46A2-B8EF-B25C07AD3288} - System32\Tasks\{E27305A3-3D67-455A-8EE4-B2BA875BFEA8} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\TOSHIBA\TOSAPINS\Install.exe" -d "C:\Program Files\TOSHIBA\TOSAPINS"
Task: {D94C3DDE-BA73-4F72-8585-2903492D8939} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA793F80-591F-45BE-8E91-FC6402EF8BA6} - System32\Tasks\HPCustPartic.exe_{D81A7C3A-72D9-49DD-887E-EB791438ADDC} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DDAD48D8-7797-4EB0-ADF2-F4C7E15C0C03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E11C9C11-FF79-4C0E-92A8-92772B08D684} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E45BF126-999F-4A48-94DF-34012A4EB781} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E4E7D6A4-B877-4DF4-B23F-98B27260D919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ECBC31B2-69B7-413A-AA53-01F493308882} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ECFCA40A-A042-4336-81AB-B98084AEEEAD} - System32\Tasks\{6916640E-4285-4EF9-BB23-B3A4CD4A369E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20] (Skype Technologies S.A.)
Task: {EF668BC5-A473-45E5-BAD4-BDBAC874F73A} - System32\Tasks\hpUrlLauncher.exe_{B3FA9662-64A8-451C-906B-878A3124103B} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F0C21C28-7D3E-4695-9127-7B362A99A2EB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0C66D6D-99C9-49C7-A963-76F089D5E3C8} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics => Command(1): C:\windows\system32\rundll32.exe -> C:\windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {F0C66D6D-99C9-49C7-A963-76F089D5E3C8} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics => Command(2): C:\windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{6FFBF101-8B1E-4692-BE67-CA7212BE98F4}_System Diagnostics"
Task: {F929EC93-EAA0-4343-B956-C0C77D62F824} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F98A8EAF-BF4C-4D06-8741-2D1892CF5DF1} - System32\Tasks\{A3A9F015-55A3-41CB-9987-CC71BF0278F2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-12-20] (Skype Technologies S.A.)
Task: {F9D2067B-95CB-4932-8274-B51B8CA3DC14} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {F9EFAB7C-F87F-4F48-BB41-153DCDE6B2FD} - System32\Tasks\Microsoft Security Essentials => Custom [Argument = Handler]
Task: {FE159A3A-E87F-4048-B534-28953FEA5970} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FF0D1689-34A2-4A53-9D02-3061FDB52EC5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000Core.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3942731526-1549951770-3740554991-1000UA.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Gary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2011-10-24 15:44 - 2010-09-09 18:26 - 000162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2015-08-21 21:09 - 2015-08-21 21:09 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-01-24 18:49 - 2017-10-09 03:02 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 07:42 - 2017-09-29 08:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-07 02:38 - 2017-11-07 02:39 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-07 02:38 - 2017-11-07 02:39 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-07 02:38 - 2017-11-07 02:39 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 02:38 - 2017-11-07 02:39 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-07 02:38 - 2017-11-07 02:39 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-09-11 14:42 - 000000021 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk => C:\windows\pss\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "ToshibaServiceStation"
HKLM\...\StartupApproved\Run32: => "TosReelTimeMonitor"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{854F270D-F5AA-4725-A353-625E23E893D1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{0F6C7414-3DBF-4D62-B7A9-C9788B05FFB7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{2A3CB666-BA9D-429A-93EC-E4B26B4063B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2DE380AB-AE1C-4F09-863D-95BC85DEA3D2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{15C22D3D-9569-49AA-BA2B-D87BB5D00E7A}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{508F0897-B59E-464E-88AB-9CC815EC7E5E}C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{69788CE5-0324-4479-9D6E-3ED1C43F3A3A}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{0F8C931A-297A-4F33-AF86-A78B6E13873D}] => (Block) C:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{D770F4B0-6370-49C0-B469-9DBD6928B651}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E6A61CED-D5B1-4AF1-96F1-2A3E7DFADE2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{895A996C-C779-46D2-AD75-DBB3C70BD3B8}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{367FF8E2-94CF-4ABE-8BE6-945820E354CB}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E417FE99-A3C9-4267-A578-5052F2188E52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9309DCBE-AC86-4116-93A6-CEC8495815D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3112EEB6-1BE4-4C81-9DB8-1F06477BAC60}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{F3650C9C-7793-4115-AA31-E8CD1E4F2FED}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{554FC8CD-2F6F-4F56-B790-78EA607A4AF9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{CC7BF960-9340-49DF-BA87-1F66125EEEE3}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{3BCC8E98-75DD-49E7-B1C1-BED58A9D84D2}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{987F5D3A-73A8-4998-91AA-2A58564F0AA4}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

18-10-2017 00:36:55 Windows Update
27-10-2017 02:51:53 Scheduled Checkpoint
01-11-2017 22:55:55 Windows Modules Installer
05-11-2017 22:26:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2017 08:35:00 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/06/2017 08:36:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.16299.15, time stamp: 0x5098c662
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xe0434352
Fault offset: 0x0000000000013fb8
Faulting process id: 0x206c
Faulting application start time: 0x01d3570c858383a9
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 370573f4-b90f-4f25-8e86-84e314936182
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2017 08:36:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mmc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at Microsoft.ManagementConsole.Interop.IWaitDialog.CompleteRequest()
at Microsoft.ManagementConsole.Executive.WaitDialog.InnerCompleteDialog()
at Microsoft.ManagementConsole.Executive.WaitDialog.CompleteDialog()
at Microsoft.ManagementConsole.Executive.SnapInInitializationOperation.TerminateWaitDialog()
at Microsoft.ManagementConsole.Executive.Operation.OnThreadTransfer(Microsoft.ManagementConsole.Executive.SimpleOperationCallback)

Exception Info: System.Reflection.TargetInvocationException
at Microsoft.ManagementConsole.Executive.MmcThreadMessageWindow.OnThreadException(System.Exception)
at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (10/19/2017 09:41:37 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (10/17/2017 10:48:40 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:41:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3748,R,0) TILEREPOSITORYS-1-5-82-3006700770-424185619-1745488364-794895919-4004696415: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\DefaultAppPool\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:40:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4528,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/17/2017 10:39:31 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (10/17/2017 10:39:30 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (11/07/2017 02:34:43 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.

Error: (11/07/2017 02:34:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (11/07/2017 02:34:40 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (11/06/2017 08:06:23 AM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2017 10:57:08 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2017 10:57:08 PM) (Source: DCOM) (EventID: 10016) (User: GARY-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Gary-PC\Gary SID (S-1-5-21-3942731526-1549951770-3740554991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2017 10:18:32 PM) (Source: DCOM) (EventID: 10010) (User: GARY-PC)
Description: The server {31337EC7-5767-11CF-BEAB-00AA006C3606} did not register with DCOM within the required timeout.

Error: (11/05/2017 10:14:27 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.

Error: (11/05/2017 10:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (11/05/2017 10:14:24 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)


CodeIntegrity:
===================================
Date: 2017-11-06 17:09:14.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-06 17:09:13.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-06 17:09:02.351
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-06 17:09:01.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:35.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:34.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 20:09:26.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:30.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-10-29 19:54:29.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 5610.12 MB
Available physical RAM: 3234.22 MB
Total Virtual: 5994.12 MB
Available Virtual: 3506.27 MB

==================== Drives ================================

Drive c: (TI106164W0D) (Fixed) (Total:463.49 GB) (Free:414.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 81A4963E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818 MB) - (Type=27)

==================== End of Addition.txt =========================
 
Hi @Broni! You are appreciated (y). Hope this is what you need. Tried to break them in half. Wife is in hospital, but will try to stay with you, and post what you request. I live in a retirement village where I help seniors with their printers and PCs for free, so I'm very interested in malware. I clean up seniors' PCs, but not as well as you do. I haven't had any training, but I have been able to clean up PCs here in my village well enough to get them working. ;) I really appreciate your time and patience.
Gary!
 
It's very nice of you to help others :)
I wish your wife all the best :)
Leave RK history alone.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Hi! I may have messed up. I always save my downloads to "My downloads".
Here's what I got. Sorry if I messed up.
GroupPolicy: Restriction <==== ATTENTION
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll => No File
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll => No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll No File
Toolbar: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll No File
U3 idsvc; no ImagePath
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
2012-05-25 20:20 - 2016-07-02 18:03 - 000115211 ____H () C:\Users\Gary\AppData\Local\ars.cache
2012-05-25 20:21 - 2016-07-02 18:04 - 001313225 ____H () C:\Users\Gary\AppData\Local\census.cache
2012-05-25 20:09 - 2012-05-25 20:09 - 000000036 ____H () C:\Users\Gary\AppData\Local\housecall.guid.cache
2015-08-21 22:05 - 2016-01-03 17:11 - 000039535 ____H () C:\Users\Gary\AppData\Local\Perfmon.PerfmonCfg
2011-12-07 13:26 - 2017-10-19 19:16 - 000007591 ____H () C:\Users\Gary\AppData\Local\resmon.resmoncfg
2012-05-08 19:17 - 2012-05-08 19:17 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-11-06 22:22 - 2017-09-29 07:41 - 001954048 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => Layout.dll -> No File
Task: {1C27777A-A8B9-4473-8ED0-45B0BECB7B48} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2C5C1AB8-3098-459B-A3C5-385541582A95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} - \DriverToolkit Autorun -> No File <==== ATTENTION
Task: {60F6761A-20D7-42A2-A179-036E67F2E537} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6981D3E8-4007-4E33-B32B-56DC2C7912A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6E637828-115F-49A1-9696-57B0531DFE2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7989C00E-9B31-4E6A-848E-69010C126337} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8572C731-EC9F-4003-BD75-65ACBCD11940} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E11C9C11-FF79-4C0E-92A8-92772B08D684} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E4E7D6A4-B877-4DF4-B23F-98B27260D919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ECBC31B2-69B7-413A-AA53-01F493308882} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
 
You did mess up :)
You posted the content of my file.
Please re-read my previous reply.
 
Sorry! I think this is right!
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Gary (08-11-2017 20:24:00) Run:1
Running from C:\Users\Gary\Downloads
Loaded Profiles: Gary (Available Profiles: Gary & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <==== ATTENTION
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll => No File
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll => No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll No File
Toolbar: HKU\S-1-5-21-3942731526-1549951770-3740554991-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll No File
U3 idsvc; no ImagePath
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-12-10 20:08 - 2015-12-10 20:08 - 000000000 _____ () C:\Program Files (x86)\Common Files\AMD
2012-05-25 20:20 - 2016-07-02 18:03 - 000115211 ____H () C:\Users\Gary\AppData\Local\ars.cache
2012-05-25 20:21 - 2016-07-02 18:04 - 001313225 ____H () C:\Users\Gary\AppData\Local\census.cache
2012-05-25 20:09 - 2012-05-25 20:09 - 000000036 ____H () C:\Users\Gary\AppData\Local\housecall.guid.cache
2015-08-21 22:05 - 2016-01-03 17:11 - 000039535 ____H () C:\Users\Gary\AppData\Local\Perfmon.PerfmonCfg
2011-12-07 13:26 - 2017-10-19 19:16 - 000007591 ____H () C:\Users\Gary\AppData\Local\resmon.resmoncfg
2012-05-08 19:17 - 2012-05-08 19:17 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-11-06 22:22 - 2017-09-29 07:41 - 001954048 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [IconLayout] -> {19F500E0-9964-11cf-B63D-08002B317C03} => Layout.dll -> No File
Task: {1C27777A-A8B9-4473-8ED0-45B0BECB7B48} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2C5C1AB8-3098-459B-A3C5-385541582A95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} - \DriverToolkit Autorun -> No File <==== ATTENTION
Task: {60F6761A-20D7-42A2-A179-036E67F2E537} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6981D3E8-4007-4E33-B32B-56DC2C7912A3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6E637828-115F-49A1-9696-57B0531DFE2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7989C00E-9B31-4E6A-848E-69010C126337} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8572C731-EC9F-4003-BD75-65ACBCD11940} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E11C9C11-FF79-4C0E-92A8-92772B08D684} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E4E7D6A4-B877-4DF4-B23F-98B27260D919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ECBC31B2-69B7-413A-AA53-01F493308882} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} => key removed successfully
HKLM\Software\Classes\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value removed successfully
HKLM\Software\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => key removed successfully
HKU\S-1-5-21-3942731526-1549951770-3740554991-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\wot => key removed successfully
HKLM\Software\Classes\CLSID\{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} => key removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
C:\Program Files\Microsoft Security Client => FRST is scripted not to move this directory.
C:\Program Files (x86)\Common Files\AMD => moved successfully
C:\Users\Gary\AppData\Local\ars.cache => moved successfully
C:\Users\Gary\AppData\Local\census.cache => moved successfully
C:\Users\Gary\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Gary\AppData\Local\Perfmon.PerfmonCfg => moved successfully
C:\Users\Gary\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IconLayout => key removed successfully
HKLM\Software\Classes\CLSID\{19F500E0-9964-11cf-B63D-08002B317C03} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C27777A-A8B9-4473-8ED0-45B0BECB7B48} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C27777A-A8B9-4473-8ED0-45B0BECB7B48} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C5C1AB8-3098-459B-A3C5-385541582A95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C5C1AB8-3098-459B-A3C5-385541582A95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3356A5AF-C6E8-49B9-BA6E-468D356D2AFD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverToolkit Autorun => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60F6761A-20D7-42A2-A179-036E67F2E537} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F6761A-20D7-42A2-A179-036E67F2E537} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6981D3E8-4007-4E33-B32B-56DC2C7912A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6981D3E8-4007-4E33-B32B-56DC2C7912A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E637828-115F-49A1-9696-57B0531DFE2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E637828-115F-49A1-9696-57B0531DFE2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECA8D7C-F53A-4858-9CD1-7331F6FE457C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7989C00E-9B31-4E6A-848E-69010C126337} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7989C00E-9B31-4E6A-848E-69010C126337} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8572C731-EC9F-4003-BD75-65ACBCD11940} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8572C731-EC9F-4003-BD75-65ACBCD11940} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E11C9C11-FF79-4C0E-92A8-92772B08D684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E11C9C11-FF79-4C0E-92A8-92772B08D684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4E7D6A4-B877-4DF4-B23F-98B27260D919} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E7D6A4-B877-4DF4-B23F-98B27260D919} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECBC31B2-69B7-413A-AA53-01F493308882} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECBC31B2-69B7-413A-AA53-01F493308882} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully


The system needed a reboot.

==== End of Fixlog 20:24:22 ====
 
No worries :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Going to do these one at a time and hope I do it right!
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 27.0.0.183
Google Chrome (61.0.3163.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Gary (administrator) on 08-11-2017 at 20:49:12
Running from "C:\Users\Gary\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Verbose logging started: 11/8/2017 21:01:20 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\WINDOWS\SysWOW64\msiexec.exe ===
MSI (c) (A4:28) [21:01:20:214]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (A4:28) [21:01:20:214]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (A4:8C) [21:01:20:267]: Resetting cached policy values
MSI (c) (A4:8C) [21:01:20:267]: Machine policy value 'Debug' is 0
MSI (c) (A4:8C) [21:01:20:267]: ******* RunEngine:
******* Product: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi
******* Action:
******* CommandLine: **********
MSI (c) (A4:8C) [21:01:20:267]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (A4:8C) [21:01:20:936]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi' against software restriction policy
MSI (c) (A4:8C) [21:01:21:037]: SOFTWARE RESTRICTION POLICY: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi has a digital signature
MSI (c) (A4:8C) [21:01:24:978]: SOFTWARE RESTRICTION POLICY: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi is permitted to run at the 'unrestricted' authorization level.
MSI (c) (A4:8C) [21:01:26:026]: Cloaking enabled.
MSI (c) (A4:8C) [21:01:26:026]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (A4:8C) [21:01:26:127]: End dialog not enabled
MSI (c) (A4:8C) [21:01:26:180]: Original package ==> C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi
MSI (c) (A4:8C) [21:01:26:180]: Package we're running from ==> C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi
MSI (c) (A4:8C) [21:01:26:480]: APPCOMPAT: Compatibility mode property overrides found.
MSI (c) (A4:8C) [21:01:26:627]: APPCOMPAT: looking for appcompat database entry with ProductCode '{B829E117-D072-41EA-9606-9826A38D34C1}'.
MSI (c) (A4:8C) [21:01:26:749]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (A4:8C) [21:01:27:250]: MSCOREE not loaded loading copy from system32
MSI (c) (A4:8C) [21:01:28:649]: Machine policy value 'TransformsSecure' is 0
MSI (c) (A4:8C) [21:01:28:649]: User policy value 'TransformsAtSource' is 0
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'DisablePatch' is 0
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'DisableMsi' is 0
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (A4:8C) [21:01:28:771]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (A4:8C) [21:01:28:771]: Running product '{B829E117-D072-41EA-9606-9826A38D34C1}' with user privileges: It's not assigned.
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (A4:8C) [21:01:28:771]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (A4:8C) [21:01:28:802]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
MSI (c) (A4:8C) [21:01:28:889]: APPCOMPAT: looking for appcompat database entry with ProductCode '{B829E117-D072-41EA-9606-9826A38D34C1}'.
MSI (c) (A4:8C) [21:01:28:889]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (A4:8C) [21:01:28:889]: Transforms are not secure.
MSI (c) (A4:8C) [21:01:28:889]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Gary\AppData\Local\Temp\MSI70cf.LOG'.
MSI (c) (A4:8C) [21:01:28:889]: Command Line: CURRENTDIRECTORY=C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir CLIENTUILEVEL=0 CLIENTPROCESSID=1188
MSI (c) (A4:8C) [21:01:28:889]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{301F9BA2-812F-434E-9975-D8DE90C67CBE}'.
MSI (c) (A4:8C) [21:01:28:889]: Product Code passed to Engine.Initialize: ''
MSI (c) (A4:8C) [21:01:28:889]: Product Code from property table before transforms: '{B829E117-D072-41EA-9606-9826A38D34C1}'
MSI (c) (A4:8C) [21:01:28:889]: Product Code from property table after transforms: '{B829E117-D072-41EA-9606-9826A38D34C1}'
MSI (c) (A4:8C) [21:01:28:889]: Product not registered: beginning first-time install
MSI (c) (A4:8C) [21:01:28:889]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (c) (A4:8C) [21:01:28:889]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (A4:8C) [21:01:28:889]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (A4:8C) [21:01:28:973]: Adding new sources is allowed.
MSI (c) (A4:8C) [21:01:28:973]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (c) (A4:8C) [21:01:28:973]: Package name extracted from package path: 'Sophos Virus Removal Tool.msi'
MSI (c) (A4:8C) [21:01:28:973]: Package to be registered: 'Sophos Virus Removal Tool.msi'
MSI (c) (A4:8C) [21:01:28:973]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (A4:8C) [21:01:28:973]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (A4:8C) [21:01:28:973]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (A4:8C) [21:01:28:973]: Running product '{B829E117-D072-41EA-9606-9826A38D34C1}' with user privileges: It's not assigned.
MSI (c) (A4:8C) [21:01:28:973]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir'.
MSI (c) (A4:8C) [21:01:28:973]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI (c) (A4:8C) [21:01:28:973]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1188'.
MSI (c) (A4:8C) [21:01:29:090]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (c) (A4:8C) [21:01:29:090]: TRANSFORMS property is now:
MSI (c) (A4:8C) [21:01:29:090]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (c) (A4:8C) [21:01:29:090]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\Favorites
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\Documents
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (A4:8C) [21:01:29:106]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Local
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\Pictures
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\Users\Gary\Desktop
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (A4:8C) [21:01:29:122]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (c) (A4:8C) [21:01:29:137]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 20
MSI (c) (A4:8C) [21:01:29:159]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (A4:8C) [21:01:29:159]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Gary'.
MSI (c) (A4:8C) [21:01:29:159]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Toshiba'.
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi'.
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Sophos Virus Removal Tool.msi'.
MSI (c) (A4:8C) [21:01:29:159]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\'.
MSI (c) (A4:8C) [21:01:29:159]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\'.
MSI (c) (A4:28) [21:01:29:359]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
=== Logging started: 11/8/2017 21:01:29 ===
MSI (c) (A4:8C) [21:01:29:491]: Note: 1: 2205 2: 3: PatchPackage
MSI (c) (A4:8C) [21:01:29:491]: Machine policy value 'DisableRollback' is 0
MSI (c) (A4:8C) [21:01:29:491]: User policy value 'DisableRollback' is 0
MSI (c) (A4:8C) [21:01:29:491]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
MSI (c) (A4:8C) [21:01:29:690]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (c) (A4:8C) [21:01:29:690]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (c) (A4:8C) [21:01:29:961]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (c) (A4:8C) [21:01:29:961]: Doing action: INSTALL
Action 21:01:29: INSTALL.
Action start 21:01:29: INSTALL.
MSI (c) (A4:8C) [21:01:30:023]: UI Sequence table 'InstallUISequence' is present and populated.
MSI (c) (A4:8C) [21:01:30:023]: Running UISequence
MSI (c) (A4:8C) [21:01:30:023]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
MSI (c) (A4:8C) [21:01:30:023]: Doing action: AppSearch
Action 21:01:30: AppSearch. Searching for installed applications
Action start 21:01:30: AppSearch.
MSI (c) (A4:8C) [21:01:30:039]: Note: 1: 2205 2: 3: AppSearch
MSI (c) (A4:8C) [21:01:30:039]: Note: 1: 2228 2: 3: AppSearch 4: SELECT `Property`, `Signature_` FROM `AppSearch`
Action ended 21:01:30: AppSearch. Return value 0.
MSI (c) (A4:8C) [21:01:30:054]: Doing action: LaunchConditions
Action 21:01:30: LaunchConditions. Evaluating launch conditions
Action start 21:01:30: LaunchConditions.
Action ended 21:01:30: LaunchConditions. Return value 1.
MSI (c) (A4:8C) [21:01:30:055]: Doing action: SetupInitialization
Action 21:01:30: SetupInitialization.
Action start 21:01:30: SetupInitialization.
MSI (c) (A4:8C) [21:01:30:061]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetupInitialization'
Info 2898.For Tahoma8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2898.For TahomaBold10 textstyle, the system created a 'Tahoma' font, in 0 character set.
Action 21:01:30: SetupInitialization. Dialog created
Action ended 21:01:30: SetupInitialization. Return value 1.
MSI (c) (A4:8C) [21:01:30:627]: Doing action: FindRelatedProducts
Action 21:01:30: FindRelatedProducts. Searching for related applications
Action start 21:01:30: FindRelatedProducts.
MSI (c) (A4:8C) [21:01:30:627]: Note: 1: 2205 2: 3: Upgrade
MSI (c) (A4:8C) [21:01:30:627]: Note: 1: 2228 2: 3: Upgrade 4: SELECT `UpgradeCode`,`VersionMin`,`VersionMax`,`Language`,`Attributes`,`ActionProperty` FROM `Upgrade`
Action ended 21:01:30: FindRelatedProducts. Return value 0.
MSI (c) (A4:8C) [21:01:30:627]: Skipping action: CCPSearch (condition is false)
MSI (c) (A4:8C) [21:01:30:627]: Skipping action: RMCCPSearch (condition is false)
MSI (c) (A4:8C) [21:01:30:627]: Doing action: ValidateProductID
Action 21:01:30: ValidateProductID.
Action start 21:01:30: ValidateProductID.
Action ended 21:01:30: ValidateProductID. Return value 1.
MSI (c) (A4:8C) [21:01:30:627]: Doing action: CostInitialize
Action 21:01:30: CostInitialize. Computing space requirements
Action start 21:01:30: CostInitialize.
MSI (c) (A4:8C) [21:01:30:660]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (c) (A4:8C) [21:01:30:660]: Baseline: Sorting baselines for {B829E117-D072-41EA-9606-9826A38D34C1}.
MSI (c) (A4:8C) [21:01:30:660]: Baseline: New baseline 2.6.1 from transaction.
MSI (c) (A4:8C) [21:01:30:711]: Baseline: Sorted order Native: Order 0.
MSI (c) (A4:8C) [21:01:30:711]: Baseline Data Table:
MSI (c) (A4:8C) [21:01:30:711]: ProductCode: {B829E117-D072-41EA-9606-9826A38D34C1} Version: 2.6.1 Attributes: 0 PatchId: Native BaselineId: -2147483648 Order: 0
MSI (c) (A4:8C) [21:01:30:711]: Baseline File Table:
MSI (c) (A4:8C) [21:01:30:711]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (c) (A4:8C) [21:01:30:711]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
Action ended 21:01:30: CostInitialize. Return value 1.
MSI (c) (A4:8C) [21:01:30:711]: Doing action: FileCost
Action 21:01:30: FileCost. Computing space requirements
Action start 21:01:30: FileCost.
MSI (c) (A4:8C) [21:01:30:711]: Note: 1: 2205 2: 3: MsiAssembly
MSI (c) (A4:8C) [21:01:30:711]: Note: 1: 2205 2: 3: Class
MSI (c) (A4:8C) [21:01:30:711]: Note: 1: 2205 2: 3: Extension
MSI (c) (A4:8C) [21:01:30:711]: Note: 1: 2205 2: 3: TypeLib
Action ended 21:01:30: FileCost. Return value 1.
MSI (c) (A4:8C) [21:01:30:711]: Doing action: IsolateComponents
Action 21:01:30: IsolateComponents.
Action start 21:01:30: IsolateComponents.
Action ended 21:01:30: IsolateComponents. Return value 0.
MSI (c) (A4:8C) [21:01:30:711]: Doing action: setUserProfileNT
Action 21:01:30: setUserProfileNT.
Action start 21:01:30: setUserProfileNT.
MSI (c) (A4:8C) [21:01:30:711]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'setUserProfileNT'
MSI (c) (A4:8C) [21:01:30:711]: PROPERTY CHANGE: Adding USERPROFILE property. Its value is 'C:\Users\Gary'.
Action ended 21:01:30: setUserProfileNT. Return value 1.
MSI (c) (A4:8C) [21:01:30:711]: Skipping action: SetAllUsersProfileNT (condition is false)
MSI (c) (A4:8C) [21:01:30:711]: Doing action: setAllUsersProfile2K
Action 21:01:30: setAllUsersProfile2K.
Action start 21:01:30: setAllUsersProfile2K.
MSI (c) (A4:8C) [21:01:30:727]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'setAllUsersProfile2K'
MSI (c) (A4:8C) [21:01:30:727]: PROPERTY CHANGE: Adding ALLUSERSPROFILE property. Its value is 'C:\ProgramData'.
Action ended 21:01:30: setAllUsersProfile2K. Return value 1.
MSI (c) (A4:8C) [21:01:30:727]: Doing action: ResolveSource
Action 21:01:30: ResolveSource.
Action start 21:01:30: ResolveSource.
MSI (c) (A4:8C) [21:01:30:727]: Resolving source.
MSI (c) (A4:8C) [21:01:30:727]: Resolving source to launched-from source.
MSI (c) (A4:8C) [21:01:30:727]: Setting launched-from source as last-used.
MSI (c) (A4:8C) [21:01:30:727]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{B829E117-D072-41EA-9606-9826A38D34C1}'.
MSI (c) (A4:8C) [21:01:30:727]: SOURCEDIR ==> C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\
MSI (c) (A4:8C) [21:01:30:727]: SOURCEDIR product ==> {B829E117-D072-41EA-9606-9826A38D34C1}
MSI (c) (A4:8C) [21:01:30:727]: Determining source type
MSI (c) (A4:8C) [21:01:30:727]: Source type from package 'Sophos Virus Removal Tool.msi': 0
MSI (c) (A4:8C) [21:01:30:727]: Source path resolution complete. Dumping Directory table...
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: TARGETDIR , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\ , LongSubPath: , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: sophos_1_sophos_cleanup_tool1 , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\ , LongSubPath: , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: sophos_1_sophos_plc1 , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\ , LongSubPath: , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: WindowsVolume , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\WinRoot\ , LongSubPath: WinRoot\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: WindowsFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Windows\ , LongSubPath: Windows\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: USERPROFILE , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\UserProfile\ , LongSubPath: UserProfile\ , ShortSubPath: USERPR~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: TemplateFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\ShellNew\ , LongSubPath: ShellNew\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: TempFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Temp\ , LongSubPath: Temp\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: SystemFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\System32\ , LongSubPath: System32\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: System64Folder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\System64\ , LongSubPath: System64\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: System16Folder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\System\ , LongSubPath: System\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: StartupFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\StartUp\ , LongSubPath: StartUp\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: StartMenuFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Start Menu\ , LongSubPath: Start Menu\ , ShortSubPath: STARTM~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: SendToFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\SendTo\ , LongSubPath: SendTo\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ProgramMenuFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Programs\ , LongSubPath: Programs\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: sophos_1_sophos_plc , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Programs\Sophos\ , LongSubPath: Programs\Sophos\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: sophos_1_sophos_cleanup_tool , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Programs\Sophos\Sophos Virus Removal Tool\ , LongSubPath: Programs\Sophos\Sophos Virus Removal Tool\ , ShortSubPath: Programs\Sophos\SOPHOS~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ProgramFiles64Folder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Program Files 64\ , LongSubPath: Program Files 64\ , ShortSubPath: Prog64~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: PrimaryVolumePath , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\PrimaryVolumePath\ , LongSubPath: PrimaryVolumePath\ , ShortSubPath: Primar~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: PersonalFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Personal\ , LongSubPath: Personal\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: MyPicturesFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\MyPictures\ , LongSubPath: MyPictures\ , ShortSubPath: MyPict~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: LocalAppDataFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\LocalAppData\ , LongSubPath: LocalAppData\ , ShortSubPath: LocalA~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: GlobalAssemblyCache , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\GlobalAssemblyCache\ , LongSubPath: GlobalAssemblyCache\ , ShortSubPath: Global~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: FontsFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Fonts\ , LongSubPath: Fonts\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: FavoritesFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Favorites\ , LongSubPath: Favorites\ , ShortSubPath: FAVORI~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: DesktopFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Desktop\ , LongSubPath: Desktop\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ProgramFilesFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\ , LongSubPath: program files\ , ShortSubPath: PROGRA~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ISMyCompanyDir , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\My Company Name\ , LongSubPath: program files\My Company Name\ , ShortSubPath: PROGRA~1\MYCOMP~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ISMyProductDir , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\My Company Name\My Product Name\ , LongSubPath: program files\My Company Name\My Product Name\ , ShortSubPath: PROGRA~1\MYCOMP~1\MYPROD~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: SOPHOS_PLC , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\ , LongSubPath: program files\Sophos\ , ShortSubPath: PROGRA~1\Sophos\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: MY_PRODUCT_NAME , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: INSTALLDIR , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: SKMSCAN , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\skmscan\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\skmscan\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\skmscan\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: SCTBootDriver , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\SCTBootDriver\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\SCTBootDriver\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\SCTBOO~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: IDEFOLDER , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\data\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\data\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\data\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ENGINE , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\engine\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\engine\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\engine\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ISYourDataBaseDir , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\Database\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\Database\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\Database\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: DATABASEDIR , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\program files\Sophos\Sophos Virus Removal Tool\Database\ , LongSubPath: program files\Sophos\Sophos Virus Removal Tool\Database\ , ShortSubPath: PROGRA~1\Sophos\SOPHOS~1\Database\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: CommonFilesFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Common\ , LongSubPath: Common\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ISCommonFilesFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Common\InstallShield\ , LongSubPath: Common\InstallShield\ , ShortSubPath: Common\Instal~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ISUpdateServiceFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Common\InstallShield\UpdateService\ , LongSubPath: Common\InstallShield\UpdateService\ , ShortSubPath: Common\Instal~1\UPDATE~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: CommonFiles64Folder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Common64\ , LongSubPath: Common64\ , ShortSubPath:
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: CommonAppDataFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\CommonAppData\ , LongSubPath: CommonAppData\ , ShortSubPath: Common~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: CommonAppSophos , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\CommonAppData\Sophos\ , LongSubPath: CommonAppData\Sophos\ , ShortSubPath: Common~1\Sophos\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: CommonAppSVRT , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\CommonAppData\Sophos\Sophos Virus Removal Tool\ , LongSubPath: CommonAppData\Sophos\Sophos Virus Removal Tool\ , ShortSubPath: Common~1\Sophos\SOPHOS~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: LocalRepDir , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\CommonAppData\Sophos\Sophos Virus Removal Tool\LocalRep\ , LongSubPath: CommonAppData\Sophos\Sophos Virus Removal Tool\LocalRep\ , ShortSubPath: Common~1\Sophos\SOPHOS~1\LocalRep\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: AppDataFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\Application Data\ , LongSubPath: Application Data\ , ShortSubPath: APPLIC~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: AdminToolsFolder , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\AdminTools\ , LongSubPath: AdminTools\ , ShortSubPath: Admint~1\
MSI (c) (A4:8C) [21:01:30:727]: Dir (source): Key: ALLUSERSPROFILE , Object: C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\All Users\ , LongSubPath: All Users\ , ShortSubPath: ALLUSE~1\
Action ended 21:01:30: ResolveSource. Return value 1.
MSI (c) (A4:8C) [21:01:30:727]: Doing action: CostFinalize
Action 21:01:30: CostFinalize. Computing space requirements
Action start 21:01:30: CostFinalize.
MSI (c) (A4:8C) [21:01:30:780]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (c) (A4:8C) [21:01:30:780]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (c) (A4:8C) [21:01:30:780]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (c) (A4:8C) [21:01:30:780]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (c) (A4:8C) [21:01:30:780]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (c) (A4:8C) [21:01:30:780]: Note: 1: 2205 2: 3: Patch
MSI (c) (A4:8C) [21:01:30:811]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (c) (A4:8C) [21:01:30:811]: PROPERTY CHANGE: Modifying USERPROFILE property. Its current value is 'C:\Users\Gary'. Its new value: 'C:\Users\Gary\'.
MSI (c) (A4:8C) [21:01:30:811]: WIN64DUALFOLDERS: 'C:\WINDOWS\SysWOW64\' will substitute 20 characters in 'C:\WINDOWS\system32\' folder path. (mask argument = 0, the folder pair's iSwapAttrib member = 1).
MSI (c) (A4:8C) [21:01:30:811]: PROPERTY CHANGE: Modifying System64Folder property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'C:\WINDOWS\SysWOW64\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding System16Folder property. Its value is 'C:\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding sophos_1_sophos_plc property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding sophos_1_sophos_cleanup_tool property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\'.
MSI (c) (A4:8C) [21:01:30:827]: WIN64DUALFOLDERS: 'C:\Program Files (x86)\' will substitute 17 characters in 'C:\Program Files\' folder path. (mask argument = 0, the folder pair's iSwapAttrib member = 0).
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Modifying ProgramFiles64Folder property. Its current value is 'C:\Program Files\'. Its new value: 'C:\Program Files (x86)\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding PrimaryVolumePath property. Its value is 'C:\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding GlobalAssemblyCache property. Its value is 'C:\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ISMyCompanyDir property. Its value is 'C:\Program Files (x86)\My Company Name\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ISMyProductDir property. Its value is 'C:\Program Files (x86)\My Company Name\My Product Name\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding SOPHOS_PLC property. Its value is 'C:\Program Files (x86)\Sophos\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding MY_PRODUCT_NAME property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding INSTALLDIR property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding SKMSCAN property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\skmscan\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding SCTBootDriver property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SCTBootDriver\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding IDEFOLDER property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\data\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ENGINE property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\engine\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ISYourDataBaseDir property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Database\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding DATABASEDIR property. Its value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Database\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ISCommonFilesFolder property. Its value is 'C:\Program Files (x86)\Common Files\InstallShield\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding ISUpdateServiceFolder property. Its value is 'C:\Program Files (x86)\Common Files\InstallShield\UpdateService\'.
MSI (c) (A4:8C) [21:01:30:827]: WIN64DUALFOLDERS: 'C:\Program Files (x86)\' will substitute 17 characters in 'C:\Program Files\Common Files\' folder path. (mask argument = 0, the folder pair's iSwapAttrib member = 0).
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Modifying CommonFiles64Folder property. Its current value is 'C:\Program Files\Common Files\'. Its new value: 'C:\Program Files (x86)\Common Files\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding CommonAppSophos property. Its value is 'C:\ProgramData\Sophos\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding CommonAppSVRT property. Its value is 'C:\ProgramData\Sophos\Sophos Virus Removal Tool\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Adding LocalRepDir property. Its value is 'C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\'.
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Modifying ALLUSERSPROFILE property. Its current value is 'C:\ProgramData'. Its new value: 'C:\ProgramData\'.
MSI (c) (A4:8C) [21:01:30:827]: Target path resolution complete. Dumping Directory table...
MSI (c) (A4:8C) [21:01:30:827]: Note: target paths subject to change (via custom actions or browsing)
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: sophos_1_sophos_cleanup_tool1 , Object: NULL
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: sophos_1_sophos_plc1 , Object: NULL
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: WindowsVolume , Object: C:\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: WindowsFolder , Object: C:\WINDOWS\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: USERPROFILE , Object: C:\Users\Gary\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: TemplateFolder , Object: C:\ProgramData\Microsoft\Windows\Templates\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: TempFolder , Object: C:\Users\Gary\AppData\Local\Temp\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: SystemFolder , Object: C:\WINDOWS\SysWOW64\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: System64Folder , Object: C:\WINDOWS\SysWOW64\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: System16Folder , Object: C:\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: StartupFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: StartMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: SendToFolder , Object: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\SendTo\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ProgramMenuFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: sophos_1_sophos_plc , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: sophos_1_sophos_cleanup_tool , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ProgramFiles64Folder , Object: C:\Program Files (x86)\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: PrimaryVolumePath , Object: C:\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: PersonalFolder , Object: C:\Users\Gary\Documents\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: MyPicturesFolder , Object: C:\Users\Gary\Pictures\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: LocalAppDataFolder , Object: C:\Users\Gary\AppData\Local\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: GlobalAssemblyCache , Object: C:\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: FontsFolder , Object: C:\WINDOWS\Fonts\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: FavoritesFolder , Object: C:\Users\Gary\Favorites\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: DesktopFolder , Object: C:\Users\Public\Desktop\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ProgramFilesFolder , Object: C:\Program Files (x86)\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ISMyCompanyDir , Object: C:\Program Files (x86)\My Company Name\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ISMyProductDir , Object: C:\Program Files (x86)\My Company Name\My Product Name\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: SOPHOS_PLC , Object: C:\Program Files (x86)\Sophos\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: MY_PRODUCT_NAME , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: INSTALLDIR , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: SKMSCAN , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\skmscan\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: SCTBootDriver , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SCTBootDriver\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: IDEFOLDER , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\data\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ENGINE , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\engine\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ISYourDataBaseDir , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Database\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: DATABASEDIR , Object: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Database\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: CommonFilesFolder , Object: C:\Program Files (x86)\Common Files\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ISCommonFilesFolder , Object: C:\Program Files (x86)\Common Files\InstallShield\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ISUpdateServiceFolder , Object: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: CommonFiles64Folder , Object: C:\Program Files (x86)\Common Files\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: CommonAppDataFolder , Object: C:\ProgramData\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: CommonAppSophos , Object: C:\ProgramData\Sophos\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: CommonAppSVRT , Object: C:\ProgramData\Sophos\Sophos Virus Removal Tool\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: LocalRepDir , Object: C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: AppDataFolder , Object: C:\Users\Gary\AppData\Roaming\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: AdminToolsFolder , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
MSI (c) (A4:8C) [21:01:30:827]: Dir (target): Key: ALLUSERSPROFILE , Object: C:\ProgramData\
MSI (c) (A4:8C) [21:01:30:827]: Note: 1: 2205 2: 3: MsiAssembly
MSI (c) (A4:8C) [21:01:30:827]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
Action ended 21:01:30: CostFinalize. Return value 1.
MSI (c) (A4:8C) [21:01:30:827]: Doing action: SetIDEFOLDER
Action 21:01:30: SetIDEFOLDER.
Action start 21:01:30: SetIDEFOLDER.
MSI (c) (A4:8C) [21:01:30:827]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetIDEFOLDER'
MSI (c) (A4:8C) [21:01:30:827]: PROPERTY CHANGE: Modifying IDEFOLDER property. Its current value is 'C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\data\'. Its new value: 'C:\Users\Gary\AppData\Local\Temp\nsf8B0.tmp.dir\data\'.
Action ended 21:01:30: SetIDEFOLDER. Return value 1.
MSI (c) (A4:8C) [21:01:30:827]: Doing action: MigrateFeatureStates
Action 21:01:30: MigrateFeatureStates. Migrating feature states from related applications
Action start 21:01:30: MigrateFeatureStates.
Action ended 21:01:30: MigrateFeatureStates. Return value 0.
MSI (c) (A4:8C) [21:01:30:843]: Skipping action: PatchWelcome (condition is false)
MSI (c) (A4:8C) [21:01:30:843]: Doing action: InstallWelcome
Action 21:01:30: InstallWelcome.
Action start 21:01:30: InstallWelcome.
MSI (c) (A4:8C) [21:01:30:843]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'InstallWelcome'
Action 21:01:30: InstallWelcome. Dialog created
MSI (c) (A4:60) [21:01:31:827]: Note: 1: 2756 2: sophos_1_sophos_cleanup_tool1
MSI (c) (A4:60) [21:01:31:827]: Note: 1: 2756 2: sophos_1_sophos_plc1
MSI (c) (A4:60) [21:01:31:828]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (c) (A4:60) [21:01:32:804]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (c) (A4:60) [21:01:32:804]: Note: 1: 2205 2: 3: BindImage
MSI (c) (A4:60) [21:01:32:804]: Note: 1: 2205 2: 3: ProgId
MSI (c) (A4:60) [21:01:32:804]: Note: 1: 2205 2: 3: PublishComponent
MSI (c) (A4:60) [21:01:32:804]: Note: 1: 2205 2: 3: SelfReg
MSI (c) (A4:60) [21:01:32:804]: Note: 1: 2205 2: 3: Extension
MSI (c) (A4:60) [21:01:32:805]: Note: 1: 2205 2: 3: Font
MSI (c) (A4:60) [21:01:32:805]: Note: 1: 2205 2: 3: Class
MSI (c) (A4:60) [21:01:32:805]: Note: 1: 2205 2: 3: TypeLib
MSI (c) (A4:60) [21:01:32:805]: Note: 1: 2727 2:
Info 2898.For MSSansBold8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Info 2898.For MSSWhiteSerif8 textstyle, the system created a 'Tahoma' font, in 0 character set.
Action 21:05:27: LicenseAgreement. Dialog created
MSI (c) (A4:28) [21:05:29:831]: PROPERTY CHANGE: Modifying AgreeToLicense property. Its current value is 'No'. Its new value: 'Yes'.
Action 21:05:31: DestinationFolder. Dialog created
Action 21:05:33: ReadyToInstall. Dialog created
MSI (c) (A4:28) [21:05:34:103]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:34:604]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:35:121]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:35:621]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:36:129]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:36:652]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:37:153]: Note: 1: 2727 2:
MSI (c) (A4:28) [21:05:37:671]: Note: 1: 2727 2:
Action ended 21:05:37: InstallWelcome. Return value 1.
MSI (c) (A4:8C) [21:05:37:907]: Skipping action: SetupResume (condition is false)
MSI (c) (A4:8C) [21:05:37:907]: Skipping action: MaintenanceWelcome (condition is false)
MSI (c) (A4:8C) [21:05:37:907]: Doing action: SetupProgress
Action 21:05:37: SetupProgress.
Action start 21:05:37: SetupProgress.
MSI (c) (A4:8C) [21:05:37:907]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'SetupProgress'
Action 21:05:37: SetupProgress. Dialog created
Action ended 21:05:37: SetupProgress. Return value 1.
MSI (c) (A4:8C) [21:05:37:945]: Doing action: ExecuteAction
 
Hi. I rebooted and ran TFC. Same thing. I had to go into Task Manager and stop the process. Sophos is huge. If you want to give this a rest, that will be OK by me. I'll stay with you as long as you want.
 
Hi. I'm running Sophos at the moment. Once again I have no clue. There are two Sophos on my desktop. One is messed up. One seems to be scanning at the moment? Will post results when Sophos finishes.
desktop.JPG
 
Sophos seems to be hung up. It hasn't moved after several minutes?? I'm going to get me a drink. This is driving me crazy.
I'll let it run a while longer. I know I'm thick-headed, but it seems I'm having my share of problems completing things you ask for. :'(
 