Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Suspicious Behavior of Computer


by Ore » September 23rd, 2018, 12:08 am

Today, when I booted my computer up, I went through my normal process of opening up all of my programs that I use, and one of them is Avast Antivirus. When it opened, an error occurred, stating that the Avast UI failed to load, so I tried to restart the service multiple times. Then, an Avast pop-up showed up, stating that a program is trying to turn off Avast's defenses. I got suspicious and tried to run an MBAM Chameleon scan, but the scan was too full of faults and was failing, and that is why I'm here right now. The reason I think this problem may be a virus is because I downloaded a sketchy program a couple of weeks ago. FRST scan files are attached below.
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by pgmigg » September 23rd, 2018, 12:27 am

Hello Ore,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

by pgmigg » September 23rd, 2018, 12:43 am

Hello Ore,

Warning! License issue with Microsoft Office Enterprise 2007
The Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on a home computer.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007; however, that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:
    1. Please press the Windows Key + R.
    2. Enter appwiz.cpl into the text box and click OK.
    3. Locate the following programs:
      MS Office Enterprise 2007
    4. Click on the Change/Remove button to uninstall it.
    5. When the program has been uninstalled, please close Control Panel.
    6. Reboot (restart) your computer.

    Step 1.
    Run CKScanner
    1. Please download CKScanner from here and save it to your Desktop <----------------- Important!!!
    2. Double-click CKScanner.exe and click Search For Files.
    3. After a very short time, when the cursor hourglass disappears, click Save List To File.
    4. A message box will verify the file saved.
    5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Step 2.
    TSG - SysInfo utility
    1. Please download SysInfo utility from here and save it to your Desktop.
    2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
    3. Right click, select copy and then paste in your next post.

    Step 3.
    Run CodeCheck Scan
    1. Please download codecheck from here and save it to your Desktop.
    2. Make sure that codecheck.exe is on your Desktop before running the application!
    3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
    4. After a very short time a codecheck.txt icon will appear on your Desktop
    5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

    Then:
    Please tell me: is this computer used for business purposes and connected to a business or educational network?
    I need to know it - so I can provide the proper instructions.

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

    Don't post anything as attachments unless I ask you about it specifically!

    Please include in your next reply:
    1. Your decision about Microsoft Office Enterprise 2007
    2. Do you have any problems executing the instructions?
    3. Contents of CKFiles.txt log file
    4. Contents of SysInfo scan
    5. Contents of a log created by codecheck.txt
    6. Answer to my question about the type of use of your computer

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

by Ore » September 23rd, 2018, 2:32 pm

Hi @pgmigg,

I have gone through your set of procedures, and the logs will be posted below. This computer is for home use and nothing else.

----------------CKScanner
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\blender\2.79\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\steam\steamapps\common\blender\2.79\scripts\addons\object_fracture_crack\crack_it.py
c:\program files (x86)\steam\steamapps\common\blender\2.79\scripts\addons\object_fracture_crack\operator.py
c:\program files (x86)\steam\steamapps\common\blender\2.79\scripts\addons\object_fracture_crack\__init__.py
c:\program files (x86)\steam\steamapps\common\blender\2.79\scripts\addons\object_fracture_crack\materials\materials1.blend
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\antenna_nutcracker_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\antenna_nutcracker_t_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_t_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\playerbanner_crackedegg_sf.upk
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\playerbanner_crackedegg_t_sf.upk
c:\programdata\genarts\sapphire\presets\genarts\s_glowedges_cheese_20and_20crackers.gp
c:\users\tam\mine-imator (community build)\minecraft sound pack - 1.10\block\furnace\fire_crackle1.ogg
c:\users\tam\mine-imator (community build)\minecraft sound pack - 1.10\block\furnace\fire_crackle2.ogg
c:\users\tam\mine-imator (community build)\minecraft sound pack - 1.10\block\furnace\fire_crackle3.ogg
c:\users\tam\mine-imator (community build)\minecraft sound pack - 1.10\block\furnace\fire_crackle4.ogg
c:\users\tam\mine-imator (community build)\minecraft sound pack - 1.10\block\furnace\fire_crackle5.ogg
scanner sequence 3.GJ.11.CIAPV0
----- EOF -----


----------------SysInfo
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8142 Mb
Graphics Card: NVIDIA Quadro 3000M, -2048 Mb
Hard Drives: C: 445 GB (134 GB Free); D: 15 GB (2 GB Free); E: 4 GB (2 GB Free);
Motherboard: Hewlett-Packard, 1630
Antivirus: Avast Antivirus, Enabled and Updated


----------------CodeCheck
Codecheck Version 1.0

09023
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by pgmigg » September 24th, 2018, 12:25 am

Hi Ore,

You never answered my question about the fate of the MS Office Enterprise 2007 on your computer - please do it.

Thank you,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

by Ore » September 24th, 2018, 12:41 am

Hello pgmigg,

My apologies, I ended up uninstalling it.
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by pgmigg » September 24th, 2018, 11:40 am

Hi Ore,

Another question: for what purpose are TellerScan 32-bit and 64-bit Combined Driver and ScanLite2 version 12.10 installed on your computer?

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

by Ore » September 24th, 2018, 6:16 pm

Hi pgmigg,

I don't know what those are. This computer was handed down to me; the previous owner used it for business activities.
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by pgmigg » September 24th, 2018, 9:42 pm

Hi Ore,

Step 1.
LicDiag Command
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
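    @Echo off
    rem Write the licensing report and its backup cabinet file to the Desktop
    Licensingdiag.exe -report "%userprofile%\desktop\report.txt" -log "%userprofile%\desktop\repfiles.cab"
    rem Open the report; once Notepad is closed, delete this batch file
    Notepad.exe "%userprofile%\desktop\report.txt"
    del "%~f0"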
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Licdiag.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on Licdiag.bat and select Run as administrator.
  • A file report.txt will open on your Desktop, please post the contents in your next reply.
  • A file repfiles.cab will be produced on your Desktop. This is a backup and can be ignored for the time being.

Step 2.
Run a new scan with FRST and post me your new Frst.txt and Addition.txt logs.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of report.txt created by LicDiag Command
  3. Contents of Frst.txt and Addition.txt logs created by FRST scan.

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

by Ore » September 26th, 2018, 8:22 pm

Hi pgmigg,

I am having trouble running the Licdiag.bat file; the console says that "'Licensingdiag.exe' is not recognized as an internal or external command, operable program or batch file."
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by pgmigg » September 26th, 2018, 11:43 pm

Hi Ore,

I appreciate that you informed me about this problem - don't worry, it was my fault. Let's do the same thing in another way:

Step 1.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select "Run As Administrator..." to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 2.
Run a new scan with FRST and post me your new Frst.txt and Addition.txt logs.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by MGADiag.exe
  3. Contents of Frst.txt and Addition.txt logs created by FRST scan.

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
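
Added example (not part of the original thread, and not FRST's own code): a Python pass over the Registry section of an Frst.txt log such as the one requested above, listing the autostart entries a helper would look at first. The sample lines are copied from the log Ore posts later in this thread, plus one constructed line; the reason labels, the reading of [X] as a target FRST could not find, and the user-writable path prefixes are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Copied from the "Registry (Whitelisted)" section of the FRST log in this thread.
PAGE_LINES = [
    r"HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)",
    r"HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-03-29] ()",
    r'HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"',
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
]
# Constructed line (not from the thread) to exercise the user-writable-path check.
CONSTRUCTED_LINES = [
    r"HKU\S-1-5-21-0-0-0-1001\...\Run: [Updater] => C:\Users\Example\AppData\Roaming\upd\updater.exe [51200 2018-09-20] ()",
]

ATTENTION = "<==== ATTENTION"  # marker FRST itself appends to a line

# "<key>\Run: [value name] => <target>"
RUN_RE = re.compile(
    r"^(?P<key>HK\S*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
# Target is "<path>", optionally followed by " [size yyyy-mm-dd] (vendor)".
META_RE = re.compile(
    r"^(?P<path>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\))?$"
)
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(?:Users|ProgramData)\\", re.I)


@dataclass
class Finding:
    line_no: int
    entry: str    # value name for Run entries, otherwise the raw line
    path: str     # resolved target path, empty when there is none
    reasons: list


def triage(log_text):
    """Return a Finding for every line that carries at least one flag."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        reasons, entry, path = [], line, ""
        if ATTENTION in line:
            reasons.append("frst-attention")
        m = RUN_RE.match(line.replace(ATTENTION, "").rstrip())
        if m:
            entry = m.group("name") or "(unnamed)"
            meta = META_RE.match(m.group("target"))
            path = meta.group("path").strip('"')
            if not m.group("name"):
                reasons.append("empty-value-name")
            if path == "[X]":
                # Assumed reading: FRST found no file behind this value.
                reasons.append("target-not-found")
                path = ""
            elif meta.group("vendor") is None:
                reasons.append("no-file-metadata")
            elif meta.group("vendor") == "":
                reasons.append("no-vendor")
            if path and USER_WRITABLE.search(path):
                reasons.append("user-writable-path")
        if reasons:
            findings.append(Finding(line_no, entry, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage("\n".join(PAGE_LINES + CONSTRUCTED_LINES)):
        print(f"line {f.line_no}: {f.entry} -> {', '.join(f.reasons)}")
```

A flag is a prompt to look at the entry, not a verdict: the HP and Adobe lines are flagged only because FRST printed no vendor or file details for them.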

Re: Suspicious Behavior of Computer

by Ore » September 27th, 2018, 7:08 pm

Hi pgmigg,
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

by Ore » September 27th, 2018, 7:12 pm

Hi pgmigg,

I did not have any problem executing your instructions. The logs will be posted below.

MGADiag----------------------------
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-788W3-H689G-6P6GT
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {EE0C800D-7231-4AE1-966F-00A7B01777AC}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170810-1615
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EE0C800D-7231-4AE1-966F-00A7B01777AC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-2257169433-888997055-2771706037</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP EliteBook 8760w</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68SAD Ver. F.01</Version><SMBIOSVersion major="2" minor="6"/><Date>20110414000000.000000+000</Date></BIOS><HWID>8AD23907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-1033-7600.0000-3242014
Installation ID: 009852240346196876644544832141903122983711316165993163
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 9/27/2018 3:53:51 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:14:2018 17:20
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAEAAAABAAAABQABAAEAln0Oo3og0hqmN9KcLKyOGw6ylGo2NjBkLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 1630
FACP HPQOEM 1630
HPET HPQOEM 1630
MCFG HPQOEM 1630
TCPA HPQOEM 1630
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SLIC HPQOEM SLIC-MPC
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
ASF! HPQOEM 1630


FRST----------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.09.2018
Ran by Tam (administrator) on TAM-HP (27-09-2018 15:58:33)
Running from C:\Users\Tam\Desktop\Antiviruses
Loaded Profiles: Tam (Available Profiles: Tam)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NCR Corporation) C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Tam\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Spotify Ltd) C:\Users\Tam\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Tam\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Discord Inc.) C:\Users\Tam\AppData\Local\Discord\app-0.0.301\Discord.exe
(Spotify Ltd) C:\Users\Tam\AppData\Roaming\Spotify\Spotify.exe
(Discord Inc.) C:\Users\Tam\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Tam\AppData\Local\Discord\app-0.0.301\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Discord Inc.) C:\Users\Tam\AppData\Local\Discord\app-0.0.301\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2941496 2011-03-17] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2710824 2011-03-29] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-03-29] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-04] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [312376 2011-03-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277760 2011-03-10] (Hewlett-Packard)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-03-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IFXSPMGTx] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Passport Web Edition Client] => C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe [24675 2013-04-24] (NCR Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2011-03-07] (Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33002896 2018-09-24] (Epic Games, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F401344E-7C27-47D3-8034-E27465C3058D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FADA2F14-0E44-4874-828E-FF293601D6AE}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKU\S-1-5-21-2257169433-888997055-2771706037-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-2257169433-888997055-2771706037-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-29] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-03-10] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-06] [Legacy] [not signed]
FF HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2015-03-09] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-03-09] (Unauthorized copy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Tam\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-04] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-03]
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-09-27]
CHR Extension: (Slides) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Avast Passwords) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-08-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-20]
CHR Extension: (Sheets) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
CHR Extension: (AdBlock) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-09-27]
CHR Extension: (Avast Online Security) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Material Dark) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npadhaijchjemiifipabpmeebeelbmpd [2017-08-02]
CHR Extension: (Gmail) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-14]
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-03]
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-09-26]
CHR Extension: (Slides) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-04]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2018-04-11]
CHR Extension: (Share to Classroom) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\adokjfanaflbkibffcbhihgihpgijcei [2018-08-28]
CHR Extension: (Docs) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-04]
CHR Extension: (Google Drive) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-04]
CHR Extension: (YouTube) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-04]
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Duolingo) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ekajaiihjemkjldcienbdonodmbiklnb [2017-12-04]
CHR Extension: (Sheets) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (Avast Online Security) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Dictionary) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hpgblgbmcleigbahedfgempmpnlkhhpk [2018-08-28]
CHR Extension: (Cloud Browser) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kmomimblkpkjeilfbkinoonalgiejlcl [2018-08-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2018-08-28]
CHR Extension: (Minecraft Temple) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nfejgbpkichfijkfakkalfhlcngamele [2018-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2018-04-11]
CHR Extension: (Gmail) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-20]
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-09-26]
CHR Extension: (Slides) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-24]
CHR Extension: (Cloudy Calculator) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\acgimceffoceigocablmjdpebeodphgc [2018-09-24]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2018-09-24]
CHR Extension: (Docs) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-24]
CHR Extension: (Google Drive) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-24]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-09-24]
CHR Extension: (YouTube) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-24]
CHR Extension: (Which Is English) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dcchdoioelfngpopjinloojjhkkobhdi [2018-09-24]
CHR Extension: (BuzzMath) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dekgplobenhhgdanccadonnejajokmbf [2018-09-24]
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-24]
CHR Extension: (Sheets) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-24]
CHR Extension: (AdBlock) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-24]
CHR Extension: (Avast Online Security) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Calculator) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hcpbdjanfepobbkbnhmalalmfdmikmbe [2018-09-24]
CHR Extension: (MLP Main 6 ) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\higmcdfmhfgdhakoahglokidcogbgkhj [2018-09-24]
CHR Extension: (Gynzy) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jhpccgpiobbhpdafbjiflbfcdlklhkeh [2018-09-24]
CHR Extension: (Cloud Browser) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kmomimblkpkjeilfbkinoonalgiejlcl [2018-09-24]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-09-24]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2018-09-24]
CHR Extension: (Storyboard That) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlflnngknijojboglnnkonkcenocjepa [2018-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-24]
CHR Extension: (Dictionarist - Instant Dictionary) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\npggnghnhkgioladlpfehafajnghlklc [2018-09-24]
CHR Extension: (YouiDraw Painter) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okddffkjomolkknapbdjidajkgmehkco [2018-09-24]
CHR Extension: (DOGOnews) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcolnnhmiknpeonnnmoadeficjagocgf [2018-09-24]
CHR Extension: (Gmail) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-24]
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-30] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-30] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-26] ()
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [485712 2011-04-01] (DigitalPersona, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [529056 2018-07-19] (EasyAntiCheat Ltd)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464512 2011-03-07] (Hewlett-Packard Company)
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [30776 2011-04-04] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320512 2011-03-10] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [293944 2011-03-21] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-19] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-19] (Infineon Technologies AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-03-29] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-04-10] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\windows\system32\nvwmi64.exe [4165568 2017-08-14] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1793600 2018-02-01] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-19] (Infineon Technologies AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [120440 2018-09-11] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-04-10] (Intel® Corporation)
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [199712 2018-08-30] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [229384 2018-08-30] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201320 2018-08-30] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346664 2018-08-30] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59568 2018-08-30] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [249016 2018-08-30] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163392 2018-09-12] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111864 2018-08-30] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87904 2018-08-30] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1027720 2018-08-30] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [381560 2018-08-30] (AVAST Software)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-03-03] (Hewlett-Packard Company)
R3 johci; C:\windows\System32\DRIVERS\johci.sys [26712 2011-02-09] (JMicron Technology Corp.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-03-29] (McAfee, Inc.)
R3 NETwNs64; C:\windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R1 PersonalSecureDrive; C:\windows\System32\drivers\psd.sys [44576 2010-01-25] (Infineon Technologies AG)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SWDUMon; C:\windows\System32\DRIVERS\SWDUMon.sys [25608 2018-08-05] (SlimWare Utilities, Inc.)
R3 tap-tb-0901; C:\windows\System32\DRIVERS\tap-tb-0901.sys [38656 2018-07-31] (The OpenVPN Project)
S3 TsUsb2; C:\windows\System32\Drivers\TSUSB2.sys [53760 2007-05-25] (HTL)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
U1 aswbdisk; no ImagePath
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-27 15:54 - 2018-09-27 15:54 - 000004949 _____ C:\Users\Tam\Desktop\MGADiag Log.txt
2018-09-27 15:54 - 2018-09-27 15:54 - 000000000 ____D C:\MGADiagToolOutput
2018-09-27 15:53 - 2018-09-27 15:53 - 000000000 ____D C:\ProgramData\Office Genuine Advantage
2018-09-27 15:51 - 2018-09-27 15:51 - 002031992 _____ (Microsoft Corporation) C:\Users\Tam\Desktop\MGADiag.exe
2018-09-26 17:20 - 2018-09-26 17:20 - 000000163 _____ C:\Users\Tam\Desktop\Licdiag.bat
2018-09-24 11:52 - 2018-09-24 15:13 - 000002395 _____ C:\Users\Tam\Desktop\Jonathan - Chrome.lnk
2018-09-23 19:45 - 2018-09-23 19:45 - 000001959 _____ C:\Users\Public\Desktop\TunnelBear.lnk
2018-09-23 19:45 - 2018-09-23 19:45 - 000000000 ____D C:\Users\Tam\AppData\Roaming\TunnelBear
2018-09-23 19:45 - 2018-09-23 19:45 - 000000000 ____D C:\Users\Tam\AppData\Local\IsolatedStorage
2018-09-23 19:44 - 2018-09-27 15:48 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-09-23 19:44 - 2018-09-23 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2018-09-23 11:27 - 2018-09-23 11:27 - 000025088 _____ C:\Users\Tam\Desktop\codecheck.exe
2018-09-23 11:27 - 2018-09-23 11:27 - 000000460 _____ C:\Users\Tam\Desktop\Syslog.txt
2018-09-23 11:27 - 2018-09-23 11:27 - 000000033 _____ C:\Users\Tam\Desktop\codecheck.txt
2018-09-23 11:26 - 2018-09-23 11:26 - 000748192 _____ (TechGuy, Inc.) C:\Users\Tam\Desktop\SysInfo.exe
2018-09-23 11:26 - 2018-09-23 11:26 - 000001970 _____ C:\Users\Tam\Desktop\ckfiles.txt
2018-09-23 09:53 - 2018-09-23 09:53 - 000468480 _____ () C:\Users\Tam\Desktop\CKScanner.exe
2018-09-23 09:29 - 2018-09-23 09:29 - 000002912 _____ C:\Users\Tam\Desktop\beep.txt
2018-09-22 21:10 - 2018-09-22 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-22 20:40 - 2018-09-22 20:40 - 000000000 ____D C:\ProgramData\MB2Migration
2018-09-22 20:21 - 2018-09-22 20:21 - 000000000 ____D C:\Users\Tam\AppData\Local\mbam
2018-09-16 14:57 - 2018-09-18 20:45 - 000715284 _____ C:\Users\Tam\Documents\Float Diagram.blend
2018-09-16 14:57 - 2018-09-18 20:44 - 000715284 _____ C:\Users\Tam\Documents\Float Diagram.blend1
2018-09-15 22:01 - 2018-09-16 15:03 - 000526868 _____ C:\Users\Tam\Documents\Panther Float Head.blend
2018-09-15 22:01 - 2018-09-15 22:01 - 000577164 _____ C:\Users\Tam\Documents\Panther Float Head.blend1
2018-08-30 17:20 - 2018-08-30 17:20 - 000379608 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-27 16:02 - 2009-07-13 21:45 - 000025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-27 16:02 - 2009-07-13 21:45 - 000025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-27 16:01 - 2017-08-02 20:14 - 000000000 ____D C:\Users\Tam\AppData\Local\Spotify
2018-09-27 16:00 - 2017-08-04 09:56 - 000001344 _____ C:\Users\Tam\Desktop\Roblox Player.lnk
2018-09-27 16:00 - 2017-08-04 09:54 - 000001163 _____ C:\Users\Tam\Desktop\Roblox Studio.lnk
2018-09-27 16:00 - 2017-08-04 09:54 - 000000000 ____D C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-09-27 15:58 - 2017-08-03 11:11 - 000000000 ____D C:\FRST
2018-09-27 15:55 - 2017-08-02 20:05 - 000000000 ____D C:\Program Files (x86)\Steam
2018-09-27 15:55 - 2017-08-02 19:38 - 000000000 ____D C:\Users\Tam\Desktop\Antiviruses
2018-09-27 15:53 - 2017-08-02 20:05 - 000000000 ____D C:\Users\Tam\AppData\Roaming\Spotify
2018-09-27 15:48 - 2011-05-06 21:49 - 000000000 ____D C:\ProgramData\PDFC
2018-09-27 15:47 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-09-27 15:46 - 2014-11-20 09:53 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-26 15:49 - 2017-08-17 16:40 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-09-26 14:07 - 2017-08-06 15:22 - 000000000 ____D C:\Users\Tam\AppData\Roaming\Mine_imator__Community_Build_
2018-09-25 14:12 - 2018-04-27 21:39 - 000001272 _____ C:\Users\Tam\Desktop\nativelog.txt
2018-09-25 14:12 - 2018-04-27 21:30 - 000000000 ____D C:\Users\Tam\AppData\Roaming\.minecraft
2018-09-25 14:07 - 2017-11-15 16:40 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-09-24 17:02 - 2017-09-23 19:21 - 000000000 ____D C:\Users\Tam\AppData\Local\AVAST Software
2018-09-24 16:22 - 2018-07-31 21:14 - 000003494 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Tam-HP-Tam
2018-09-24 16:22 - 2018-07-31 21:14 - 000003450 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-Tam-HP-Tam
2018-09-24 16:22 - 2018-06-04 10:33 - 000003198 _____ C:\windows\System32\Tasks\Get Yeeted on Boi
2018-09-24 16:22 - 2014-11-20 09:58 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-24 16:22 - 2014-11-20 09:58 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-24 16:21 - 2017-11-17 17:02 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-09-24 15:14 - 2017-08-02 19:31 - 000000000 ____D C:\Users\Tam\Downloads\Fin
2018-09-23 19:48 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-09-23 19:45 - 2017-09-24 18:43 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-23 19:44 - 2014-11-20 09:24 - 000001413 _____ C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-09-23 18:50 - 2018-05-12 21:35 - 000000000 ____D C:\Users\Tam\BrawlhallaReplays
2018-09-23 09:58 - 2009-07-13 22:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2018-09-23 09:49 - 2014-11-20 09:23 - 000123912 _____ C:\Users\Tam\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-23 09:48 - 2009-07-13 21:45 - 000454520 _____ C:\windows\system32\FNTCACHE.DAT
2018-09-23 09:33 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-09-23 09:32 - 2009-07-27 07:36 - 000000000 ____D C:\windows\ShellNew
2018-09-23 09:32 - 2009-07-13 19:34 - 000000387 _____ C:\windows\win.ini
2018-09-23 09:30 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-09-22 21:15 - 2017-11-18 15:10 - 000000000 ____D C:\Users\Tam\AppData\Local\Warframe
2018-09-22 21:12 - 2017-11-12 17:48 - 000000000 ____D C:\Users\Tam\AppData\Local\CrashDumps
2018-09-22 21:10 - 2017-08-02 19:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-22 21:01 - 2018-08-03 17:33 - 000000000 ____D C:\Program Files (x86)\Adobe Photoshop CS6
2018-09-21 19:45 - 2017-11-03 22:25 - 000000000 ____D C:\Users\Tam\Documents\ShareX
2018-09-18 20:25 - 2017-08-03 11:14 - 000000000 ____D C:\Program Files\paint.net
2018-09-18 19:35 - 2018-03-19 20:06 - 000000000 ____D C:\tmp
2018-09-17 18:19 - 2014-11-20 09:59 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-16 18:16 - 2009-07-13 22:08 - 000032594 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-09-12 15:46 - 2017-11-15 16:39 - 000215920 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-09-12 15:46 - 2017-11-15 16:39 - 000163392 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-09-12 15:46 - 2014-11-20 09:57 - 000000000 ____D C:\Users\Tam\AppData\Roaming\Adobe
2018-09-10 16:07 - 2018-07-31 20:34 - 000000000 ____D C:\ProgramData\Adobe
2018-09-09 20:57 - 2018-02-19 09:52 - 000000000 ____D C:\Users\Tam\Desktop\AutoM8
2018-09-09 19:48 - 2018-08-03 17:09 - 000000000 ____D C:\Users\Tam\AppData\LocalLow\Adobe
2018-09-09 19:48 - 2018-07-31 20:28 - 000000000 ____D C:\Users\Tam\AppData\Local\Adobe
2018-09-09 17:28 - 2018-07-31 21:16 - 000000000 ___RD C:\Users\Tam\Creative Cloud Files
2018-09-04 16:42 - 2017-11-15 16:39 - 000467320 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-08-30 17:22 - 2017-11-15 16:39 - 000087904 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-08-30 17:20 - 2017-11-15 16:39 - 000381560 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-08-30 17:20 - 2017-11-15 16:39 - 000199712 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-08-30 17:20 - 2017-11-15 16:39 - 000111864 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-08-30 17:20 - 2017-11-15 16:39 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-08-30 17:19 - 2017-12-21 12:09 - 000249016 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-08-30 17:19 - 2017-11-15 16:39 - 001027720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-08-30 17:19 - 2017-11-15 16:39 - 000346664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-08-30 17:19 - 2017-11-15 16:39 - 000229384 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-08-30 17:19 - 2017-11-15 16:39 - 000201320 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-08-30 17:19 - 2017-11-15 16:39 - 000059568 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-08-28 16:25 - 2018-03-17 11:14 - 000000000 ____D C:\Users\Tam\Documents\ROBLOX

==================== Files in the root of some directories =======

2011-02-24 00:10 - 2011-02-24 00:10 - 000020432 _____ (Intel Corporation) C:\Users\Tam\AppData\Roaming\JomCap.dll
2014-11-20 09:06 - 2014-11-20 09:07 - 000050964 _____ () C:\Users\Tam\AppData\Roaming\QWInstall.log
2018-09-27 15:52 - 2018-09-27 15:52 - 000000000 _____ () C:\Users\Tam\AppData\Local\oobelibMkey.log
2016-06-06 15:00 - 2016-06-06 15:00 - 000000000 _____ () C:\Users\Tam\AppData\Local\{887018FD-C5E6-4B09-9158-D77877341818}

Some files in TEMP:
====================
2014-11-20 08:55 - 2014-11-20 08:55 - 000426044 _____ (Hewlett-Packard Company) C:\Users\Tam\AppData\Local\Temp\CpqMC.dll
2016-03-09 15:20 - 2016-03-09 15:20 - 000000000 _____ () C:\Users\Tam\AppData\Local\Temp\etethdio.dll
2011-01-14 22:14 - 2011-01-14 22:14 - 003330232 _____ (Hewlett-Packard Company) C:\Users\Tam\AppData\Local\Temp\HPSWF.EXE
2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll
2018-06-30 17:35 - 2018-06-30 17:35 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll
2018-07-04 17:11 - 2018-07-04 17:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll
2018-07-03 10:57 - 2018-07-03 10:57 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll
2018-07-11 09:42 - 2018-07-11 09:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll
2018-07-06 13:33 - 2018-07-06 13:33 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll
2018-07-06 09:10 - 2018-07-06 09:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll
2018-06-27 20:37 - 2018-06-27 20:37 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll
2018-07-11 19:22 - 2018-07-11 19:22 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll
2018-07-09 17:27 - 2018-07-09 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll
2018-06-29 19:35 - 2018-06-29 19:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll
2018-07-08 19:34 - 2018-07-08 19:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll
2018-08-24 20:13 - 2018-08-24 20:13 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll
2018-08-11 10:25 - 2018-08-11 10:25 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll
2018-07-02 11:43 - 2018-07-02 11:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll
2018-07-03 10:27 - 2018-07-03 10:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll
2018-06-27 20:41 - 2018-06-27 20:41 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll
2018-07-11 14:25 - 2018-07-11 14:25 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll
2018-07-10 10:42 - 2018-07-10 10:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll
2018-07-01 14:23 - 2018-07-01 14:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll
2018-07-04 09:29 - 2018-07-04 09:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll
2018-07-11 14:23 - 2018-07-11 14:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll
2018-08-10 20:34 - 2018-08-10 20:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll
2018-07-12 18:28 - 2018-07-12 18:28 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll
2018-07-10 19:52 - 2018-07-10 19:52 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll
2018-07-08 10:06 - 2018-07-08 10:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll
2018-07-10 18:30 - 2018-07-10 18:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll
2018-07-12 11:35 - 2018-07-12 11:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll
2018-07-15 19:00 - 2018-07-15 19:00 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll
2018-07-02 19:14 - 2018-07-02 19:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll
2018-07-08 19:31 - 2018-07-08 19:31 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll
2018-08-25 10:12 - 2018-08-25 10:12 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll
2018-07-06 13:19 - 2018-07-06 13:19 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll
2018-06-30 09:05 - 2018-06-30 09:05 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll
2018-07-06 13:32 - 2018-07-06 13:32 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll
2018-07-13 18:31 - 2018-07-13 18:31 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll
2018-07-11 11:59 - 2018-07-11 11:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll
2018-07-05 18:20 - 2018-07-05 18:20 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll
2018-07-02 19:11 - 2018-07-02 19:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll
2018-09-21 20:01 - 2018-09-21 20:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll
2018-07-05 20:55 - 2018-07-05 20:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll
2018-07-01 15:47 - 2018-07-01 15:47 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll
2018-07-06 11:22 - 2018-07-06 11:22 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll
2018-07-03 19:19 - 2018-07-03 19:19 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll
2018-07-08 12:14 - 2018-07-08 12:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll
2018-06-28 10:14 - 2018-06-28 10:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll
2018-06-27 21:10 - 2018-06-27 21:10 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll
2018-06-30 09:29 - 2018-06-30 09:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll
2018-07-09 10:40 - 2018-07-09 10:40 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll
2018-07-06 11:06 - 2018-07-06 11:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll
2018-07-02 19:53 - 2018-07-02 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll
2018-06-29 14:17 - 2018-06-29 14:17 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll
2018-06-28 20:01 - 2018-06-28 20:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll
2018-07-30 18:39 - 2018-07-30 18:39 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll
2018-07-19 12:43 - 2018-07-19 12:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll
2018-07-08 19:35 - 2018-07-08 19:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll
2018-06-28 13:59 - 2018-06-28 13:59 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll
2018-07-05 10:33 - 2018-07-05 10:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll
2018-07-07 19:48 - 2018-07-07 19:48 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll
2018-06-29 09:39 - 2018-06-29 09:39 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll
2018-07-06 19:07 - 2018-07-06 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll
2018-07-02 21:16 - 2018-07-02 21:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll
2018-07-02 11:30 - 2018-07-02 11:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll
2018-07-11 11:55 - 2018-07-11 11:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll
2018-08-26 20:45 - 2018-08-26 20:45 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll
2017-08-02 16:54 - 2010-08-13 18:19 - 000468232 _____ (Microsoft Corporation) C:\Users\Tam\AppData\Local\Temp\MSN59C5.exe
2011-02-16 14:17 - 2011-02-16 14:17 - 000103792 _____ () C:\Users\Tam\AppData\Local\Temp\SWHelperQueryW.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-26 12:30

==================== End of FRST.txt ============================

Re: Suspicious Behavior of Computer

by Ore » September 27th, 2018, 7:14 pm

Hello pgmigg,

Addition did not fit, so I will include it here.

Addition----------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.09.2018
Ran by Tam (27-09-2018 16:06:42)
Running from C:\Users\Tam\Desktop\Antiviruses
Windows 7 Professional Service Pack 1 (X64) (2014-11-20 15:55:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2257169433-888997055-2771706037-500 - Administrator - Disabled)
Guest (S-1-5-21-2257169433-888997055-2771706037-501 - Limited - Disabled)
Tam (S-1-5-21-2257169433-888997055-2771706037-1001 - Administrator - Enabled) => C:\Users\Tam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3BB84216}) (Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Cisco WebEx Meetings (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.10 - Hewlett-Packard Company)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Discord (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.46.25033 - Hewlett-Packard Company)
Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epic Games Launcher (HKLM-x32\...\{9F55B4DA-23ED-44FA-910E-BDDBD6D942CF}) (Version: 1.1.123.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4321 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.9 - Hewlett-Packard Company)
FireAlpaca 1.8.1 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.8.1 - firealpaca.com)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP 3D DriveGuard (HKLM\...\{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}) (Version: 4.1.7.1 - Hewlett-Packard Company)
HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{EFCB119B-6A71-489F-A81A-61627969D35C}) (Version: 1.1.12.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{E6F19F75-2802-4E60-B04B-B7151BBEE53F}) (Version: 4.0.14.1 - Hewlett-Packard Company)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Officejet Pro X476dw MFP Basic Device Software (HKLM\...\{39A2D5AC-305A-4FAD-8845-4CC8C76C0BE2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Help (HKLM-x32\...\{D99D6F87-451C-4BCF-8053-DC62C8E341B9}) (Version: 29.0.0 - Hewlett Packard)
HP Performance Advisor (HKLM-x32\...\{2799064B-FFEE-4D40-A400-907A90D653AB}) (Version: 1.2.2728 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{CF9ACC81-C8C3-4BD1-BD1F-FE13CF344E20}) (Version: 2.0.3.1 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.02.925 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{72CD20B8-55F3-4B4F-A44F-E381232E84ED}) (Version: 3.0.1.9258 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{954079D6-28E0-417D-AC43-F728E3CB7CE5}) (Version: 2.1.3 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6328.0 - IDT)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{227fd89d-2205-499a-8b73-9ec775789c4d}) (Version: 19.70.0 - Intel Corporation)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.21.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.58.0 - JMicron Technology Corp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mastercam X5 (HKLM-x32\...\{9910A499-33A8-4EF3-925F-726F2E16ED9E}) (Version: 14.0.4.33 - CNC Software, Inc.) Hidden
Mastercam X5 (HKLM-x32\...\InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}) (Version: 14.0.4.33 - CNC Software, Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 377.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 377.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 377.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 377.61 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.32 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Product Improvement Study for HP Officejet Pro X476dw MFP (HKLM\...\{3531419E-DA6B-45DD-BFF7-9105F1A67807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
RemoteDepositWebClient (HKLM-x32\...\{6A26BCFD-3C93-423A-AA26-AEF9BAD83CA4}) (Version: 3.09.01.02 - NCR)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roblox Player for Tam (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Player for Tam (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Tam (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.74.5 - Roxio)
ScanLite2 version 12.10 (HKLM-x32\...\{63517E50-AB67-43B5-BB08-28210939CF66}_is1) (Version: 12.10 - Digital Check Corp)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.26.012 - Portrait Displays, Inc.) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.2.0 - ShareX Team)
Spotify (HKU\S-1-5-21-2257169433-888997055-2771706037-1001\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.5 - Synaptics Incorporated)
TellerScan 32-bit and 64-bit Combined Driver version 12.66 (HKLM\...\{29E98AE7-A193-40A1-BF4A-5B84B435E2DB}_is1) (Version: 12.66 - Digital Check Corp.)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
TunnelBear (HKLM-x32\...\{0d6e112b-ecd9-4b6a-92ed-6e708fb7de2f}) (Version: 3.6.3.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{95EAEB10-FF80-47E1-BAF7-4B46C4D6A46C}) (Version: 3.6.3.0 - TunnelBear) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{61D3AB5C-02B5-47FC-906A-C49A0954C7C6}) (Version: 4.3.126.0 - Validity Sensors, Inc.)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VIP Access SDK (1.0.0.55) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.55 - Symantec Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.50 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2257169433-888997055-2771706037-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers1: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\x64\PSDShExt.dll [2011-01-19] (Infineon Technologies AG)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-08-14] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2017-08-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers6: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\x64\PSDShExt.dll [2011-01-19] (Infineon Technologies AG)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1479E408-CFA5-434B-B3F4-4A75BF8005A9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-14] (AVAST Software)
Task: {213D64E2-4383-4AD4-9FF5-699DC20265CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {3B4A0F97-6D7C-4B90-8650-7FCB180BBC1C} - System32\Tasks\3 Hour Shutdown => shutdown [Argument = /s /f /t 10800]
Task: {46C10257-9CDA-4E10-9809-FD8C92288ED2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {5334E2AE-4223-4CD1-9603-C4EC0C02251B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-28] (Adobe Systems Incorporated)
Task: {56727B13-3A24-411A-91C6-EFC2345BFAF7} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
Task: {60CC65EA-B8E7-44CD-B2B9-1D627DFDC8B1} - System32\Tasks\AdobeGCInvoker-1.0-Tam-HP-Tam => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {61C573E6-30AF-43C1-9099-819B05725635} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2017-07-25] (Microsoft)
Task: {6AE66812-9410-41E0-B9EB-783B0A50E460} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-08-14] ()
Task: {7176BDDF-D43B-4F88-910F-7B4194B06893} - System32\Tasks\Get Yeeted on Boi => shutdown [Argument = /s /f /t 7800]
Task: {9A398686-900B-4A96-A87F-2A84B2145AF0} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
Task: {A65F1849-F2E6-486E-BDA0-7C4708D963C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {ABC1794A-0490-4F16-87B4-70E4EFA05EAF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-30] (AVAST Software)
Task: {B90FAD2B-64A0-415E-B8CA-D7D01AE49374} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {C73B87EC-EC7B-441F-8E39-9F48F59FF492} - System32\Tasks\4 Hour Shutdown => shutdown [Argument = /s /f /t 12400]
Task: {D05A8752-9915-4DB3-A001-96BFDA15FC92} - System32\Tasks\HPCustParticipation HP Officejet Pro X476dw MFP => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {D7003354-A803-4EBE-A671-EE697A162A6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F20562FA-0066-49C0-B198-99578C2137E5} - System32\Tasks\AdobeAAMUpdater-1.0-Tam-HP-Tam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {F5735708-FC94-4B27-89B1-E2119511AF8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2017-07-25] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Tam\Desktop\Chrome - Ore.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Tam\Desktop\Chrome - Shane.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Tam\Desktop\Jonathan - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Tam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Shane - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Tam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-10-10 12:58 - 2017-08-14 07:00 - 000133240 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-01 18:42 - 2011-04-01 18:42 - 000156216 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-03-29 15:37 - 2011-03-29 15:37 - 002905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 001412608 _____ () C:\windows\system32\LIBEAY32.dll
2011-03-29 14:59 - 2011-03-29 14:59 - 000141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-03-29 15:00 - 2011-03-29 15:00 - 001318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2018-09-11 23:15 - 2018-09-11 23:15 - 000120440 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-06-09 09:22 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-05 19:47 - 2018-03-05 19:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2014-11-20 09:50 - 2017-08-14 08:48 - 000785976 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-03-29 15:24 - 2011-03-29 15:24 - 000200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2017-09-27 16:34 - 2017-09-27 16:36 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2017-09-27 16:36 - 2017-09-27 16:36 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2017-09-27 16:36 - 2017-09-27 16:36 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2011-03-17 15:09 - 2011-03-17 15:09 - 000036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2017-10-16 11:03 - 2014-08-19 12:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2018-08-30 17:20 - 2018-08-30 17:20 - 000703192 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2011-03-17 15:08 - 2011-03-17 15:08 - 000097336 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-03-17 15:08 - 2011-03-17 15:08 - 000046136 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-05-06 21:50 - 2010-12-13 13:49 - 001083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-06-24 03:21 - 2010-06-24 03:21 - 001102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2018-09-17 18:19 - 2018-09-15 01:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-17 18:19 - 2018-09-15 01:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-08-30 17:21 - 2018-09-05 13:14 - 001055520 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-30 17:20 - 2018-08-27 13:52 - 098006816 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-30 17:20 - 2018-08-27 13:52 - 004443424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-30 17:20 - 2018-08-27 13:52 - 000100128 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-08-30 17:20 - 2018-08-30 17:20 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-30 17:20 - 2018-08-30 17:20 - 000896216 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-08-30 17:19 - 2018-08-30 17:19 - 000986840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-08-30 17:19 - 2018-08-30 17:19 - 000541400 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-08-30 17:19 - 2018-08-30 17:19 - 000151768 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-09-27 15:53 - 2018-09-27 15:53 - 005702288 _____ () C:\Program Files\AVAST Software\Avast\defs\18092704\algo.dll
2011-03-29 15:22 - 2011-03-29 15:22 - 002834432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-03-29 14:59 - 2011-03-29 14:59 - 000126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-03-29 15:24 - 2011-03-29 15:24 - 002850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-03-29 15:01 - 2011-03-29 15:01 - 002035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-03-29 15:02 - 2011-03-29 15:02 - 001929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2018-09-11 23:15 - 2018-09-11 23:15 - 000167424 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-03-02 19:47 - 2018-03-02 19:47 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-04 14:12 - 2013-04-24 00:04 - 000159841 _____ () C:\Program Files (x86)\NCR\Passport Web Edition\zipfiles.dll
2017-08-02 20:14 - 2018-09-15 08:40 - 085627280 _____ () C:\Users\Tam\AppData\Roaming\Spotify\libcef.dll
2017-08-02 20:13 - 2018-09-05 13:14 - 000876320 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-02 20:13 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-02 20:13 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-02 20:13 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-02 20:13 - 2018-09-08 13:31 - 002646304 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-14 16:29 - 2017-12-19 18:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 16:29 - 2017-12-19 18:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 16:29 - 2017-12-19 18:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 16:29 - 2017-12-19 18:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 16:29 - 2017-12-19 18:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-08-02 20:13 - 2018-09-08 13:31 - 001015584 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-02 20:13 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2010-06-24 03:19 - 2010-06-24 03:19 - 000514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2017-09-30 11:52 - 2017-09-30 11:52 - 000169984 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e2b79cf5a34865688d688e0a44a2e96e\IsdiInterop.ni.dll
2014-11-20 09:00 - 2011-01-12 18:56 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-08-02 20:14 - 2018-09-15 08:40 - 003867536 _____ () C:\Users\Tam\AppData\Roaming\Spotify\libglesv2.dll
2017-08-02 20:14 - 2018-09-15 08:40 - 000088464 _____ () C:\Users\Tam\AppData\Roaming\Spotify\libegl.dll
2018-05-01 12:11 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Tam\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-01 12:11 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Tam\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-01 12:11 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Tam\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-01 12:12 - 2018-08-29 15:43 - 011321176 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-01 12:12 - 2018-09-13 16:32 - 001615704 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-01 12:12 - 2018-05-01 12:12 - 000512856 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-01 12:12 - 2018-08-10 19:04 - 001641304 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-05-01 12:12 - 2018-09-21 19:11 - 001743704 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-05-01 12:12 - 2018-05-01 12:12 - 002722648 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-10 19:05 - 2018-09-26 17:17 - 001258840 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-10 19:04 - 2018-09-27 15:53 - 022032728 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-05-01 12:12 - 2018-05-01 12:12 - 002760536 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-01 12:12 - 2018-05-01 12:12 - 001249112 _____ () \\?\C:\Users\Tam\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-09-27 15:48 - 000000828 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2257169433-888997055-2771706037-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{7CCADBBA-A5C5-473B-87BE-43F50DBE81D2}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\FaxApplications.exe
FirewallRules: [{70E3CD04-CEDE-405B-9BEC-2EEDA1E70F9E}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\DigitalWizards.exe
FirewallRules: [{0FF63F8C-0A94-4F0A-A1F2-292EA9B07430}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\SendAFax.exe
FirewallRules: [{07603151-249C-4D2A-911C-939562EB9864}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{78D5CB0E-2A86-417C-A36B-C2C67775AC6A}] => (Allow) LPort=5357
FirewallRules: [{51818D0E-8664-4568-91CB-A1A440391CED}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{440A91B4-2F63-4B03-A50D-27246F9CE13B}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS69EF\HPDiagnosticCoreUI.exe
FirewallRules: [{0C88CA54-1F6D-4567-A7F8-8A0D7823EFA0}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS69EF\HPDiagnosticCoreUI.exe
FirewallRules: [{E71431B8-CBF4-4984-B01A-E674FA252C0E}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS6BB2\HPDiagnosticCoreUI.exe
FirewallRules: [{9022B8B2-A496-4980-9428-FE3EF57DCD69}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS6BB2\HPDiagnosticCoreUI.exe
FirewallRules: [{9E809738-86A0-4B10-819D-6E74350A7697}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS39FA\HPDiagnosticCoreUI.exe
FirewallRules: [{D29DDDDC-3D52-4025-9D25-B31B970EB944}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS39FA\HPDiagnosticCoreUI.exe
FirewallRules: [{51476AB7-94B6-4259-8AEE-9DB55610796C}] => (Allow) C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe
FirewallRules: [{6F9ADD80-4E93-491C-9955-5A54C857FAF6}] => (Allow) C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe
FirewallRules: [TCP Query User{C4A30AED-6EB8-40D8-A40A-18AAB30455AF}C:\program files (x86)\ncr\passport web edition\pwecsrvc.exe] => (Block) C:\program files (x86)\ncr\passport web edition\pwecsrvc.exe
FirewallRules: [UDP Query User{907C6295-F912-4F7E-9A8B-7519450AFE0B}C:\program files (x86)\ncr\passport web edition\pwecsrvc.exe] => (Block) C:\program files (x86)\ncr\passport web edition\pwecsrvc.exe
FirewallRules: [{2A4A5232-6DFB-48EC-8CFE-71626DA9D43B}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS30FE\HPDiagnosticCoreUI.exe
FirewallRules: [{F0FCB80E-7768-46C0-B6AF-BE10E4139CDA}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS30FE\HPDiagnosticCoreUI.exe
FirewallRules: [{03265C5A-E4DC-4D82-803C-C82404475B25}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS785D\HPDiagnosticCoreUI.exe
FirewallRules: [{1097AF4A-18E3-4F55-82E8-15E01EE6B3A8}] => (Allow) C:\Users\Tam\AppData\Local\Temp\7zS785D\HPDiagnosticCoreUI.exe
FirewallRules: [{F5AF3A5F-623B-42D3-B32E-8A55E98D942D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{5B1049F4-5026-4EFD-8197-07F7FB3314E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{72AC97C5-D7B0-4A38-8EA2-CCDD9AF745EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{81EF91C8-03E3-4E79-B108-28CBCD2CEC8E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{866F8E4E-27D4-4B12-BC75-2009A637C3EE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B91F0816-A975-4984-B866-EEB12F567CA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BE6D6D6E-6046-4E79-B03A-7D633AB03A8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{690B2023-5F3A-4411-B3CF-E477ADFD46B8}C:\users\tam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tam\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{503A5628-BD03-4DE2-B65F-979D6CC58ED3}C:\users\tam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tam\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A5815728-3DB7-4A0D-A36B-CE5B0F19595B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B97790D4-A2F6-41D8-8633-EEA58F9A6DB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F03DA23A-0148-45D2-9ACB-36E325D01270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ADE05187-BCEA-49F2-B351-ED04E46C7EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BAEA56CB-E5F6-4A4C-A02C-0251FD5A66AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0ABA6553-A0A1-4592-8F7A-81725932626F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{8C21CB0E-E49F-421E-BF1B-9682BD8785BD}C:\users\tam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tam\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DF40C8D8-188A-4706-A9C9-BFC40921D778}C:\users\tam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tam\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E491C2A-B72F-475B-8EF1-7D9698CA118E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D014E380-979F-42FA-ADAB-8BB1D9ED167A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [TCP Query User{F249C9C9-5F32-4455-891C-E873593A3FD0}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{2D67527B-D8ED-40F2-88DB-06FCF464F418}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4195C0BF-FA50-4350-A1EC-58FDF7341A03}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFCD4352-AD68-435F-8D99-38E529D4FAA7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{0AF511D3-7440-4685-B4DD-64831059B8C3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{8849F1CB-7CB2-47C1-AF11-06CDEA0D3E56}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{2E5E8D72-4797-4DB0-89FF-D8DA767AA3D6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{020011A4-583B-4160-A594-632AADCD2513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{732B8F98-66B5-4E77-9188-2730CC3FC182}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [TCP Query User{B649506D-55D7-47AF-8928-D08FB696FFE6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{A91591AD-FC2F-4F9B-B24A-42C50A57C5F3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{13D139E6-E4DD-49ED-A6A4-DC01C76515FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{72022124-2113-4D02-AAAE-B617FF287633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C330EB0D-67C9-48D3-8762-E8FC0B60F922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{015D341E-4C52-4682-8DB6-A5E80CEC386B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{95505B45-C4CB-418A-B12E-9B6385A6C7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{49E3EE02-847F-4EDD-9D99-075B67CC34C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{083FD0B8-20E6-405E-817A-442ECB88FA02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{BC8ED6C6-9E91-4834-B208-73648FA0AEA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{88648AB7-73D7-4AA0-9A4B-1CAA8D3094AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{189A4B69-3BA8-4801-8889-B5369E8A8832}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D6E8DD90-EF68-4DD1-826D-A2095850923A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E37EAC8F-6365-4377-A39C-A696CF6F54BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A776D00D-1BDC-4B57-B645-EF5B30C8EC43}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{9CECFFD7-64C5-452A-A3E3-615BE9BB1A9B}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{A8BDC1B2-034F-456F-9D4D-EFA6D0843EC5}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{95233E85-FFA9-4760-A2E7-2E92F5ED2403}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{EB3DFABF-D1F3-4D5F-BD8F-038CE2DF5EBC}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{5A9E559E-4C2B-4F5C-8E39-EFA8C3231426}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{5D7225CA-1BD2-4A5B-969D-4BF699204159}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E91C458B-CCFA-4763-9A1B-0E77A42CE6BC}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{A289501C-9D7A-49B4-8CFC-F5F7C69CAF9E}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{9295A3A5-9AAC-4613-A788-C229A1236C90}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{96938E64-72AD-46B8-AA9E-AE859C8A801A}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{C0520E5B-E099-4727-A0AB-36730FA14D95}] => (Allow) C:\Users\Tam\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{9164CC30-B1D6-4B03-B1CC-C4FB37052959}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [{97B1785C-5303-4DAA-AF3F-D4EF86676C1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe
FirewallRules: [TCP Query User{9FC02103-DBA5-4351-AAFD-E5A617FC5536}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F8DA4790-60C4-4A18-90B3-03088247589F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{294CAE50-1F07-4C81-92D8-6CC8EB31C96F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{0A1F885D-D211-494A-9E71-E277C53D842A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{4610C18D-B098-42E6-A9FF-D62402EA96FD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{A843AB4A-3F41-4830-86AA-892371E8C4AF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{85BD7827-572E-4F8E-8B09-89A0243F09BB}C:\program files (x86)\steam\steamapps\common\skyforge\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skyforge\gamecenter\gamecenter.exe
FirewallRules: [UDP Query User{EF15A1DE-AFE2-48A9-A03E-5B8B1750F769}C:\program files (x86)\steam\steamapps\common\skyforge\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\skyforge\gamecenter\gamecenter.exe
FirewallRules: [{8F6C4DF1-0AE0-4FEF-B11E-CD79FCEB1BD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{33E81729-47CD-4896-A013-7D330DCA3E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{77228FC8-20F8-45B9-AC82-62940D44828E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{8538FC27-188C-41E0-82EA-C897D2A29131}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [TCP Query User{C75B9169-86C5-41F5-9FD8-E7A077CA4F50}C:\Program Files (x86)\Steam\steamapps\common\dirty bomb\Binaries\Win64\shootergame-win32-shipping.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dirty bomb\Binaries\Win64\shootergame-win32-shipping.exe
FirewallRules: [UDP Query User{081D63B0-FBC1-4D76-884C-15589709FA30}C:\Program Files (x86)\Steam\steamapps\common\dirty bomb\Binaries\Win64\shootergame-win32-shipping.exe] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dirty bomb\Binaries\Win64\shootergame-win32-shipping.exe
FirewallRules: [TCP Query User{56A33ED3-5BA4-4A17-9B25-7FBBFE50C02F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9ED00435-9977-46B9-B69A-EF6F7907C076}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{83DE39F0-CAB4-4050-9900-830764007A09}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B208BAE7-303D-482E-8E26-16F1703C067F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1E004FE9-8D43-4286-B017-E92CC5F59BBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1B3E4E79-BAF9-4EEB-89E3-F07198792C71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{F5AC149A-907A-4A6C-9394-3D42D8912352}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B4E97783-DC30-4C63-889D-A2C7C46B92D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BF90A9F0-7147-4E68-99D3-9A4DC239C316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

18-09-2018 20:24:18 paint.net 4.1.1
23-09-2018 09:29:41 Removed Microsoft Office Enterprise 2007
23-09-2018 09:56:05 Windows Backup
23-09-2018 19:44:07 TunnelBear
23-09-2018 19:48:27 Device Driver Package Install: TunnelBear Provider V9 Network adapters

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2018 03:57:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/26/2018 08:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Exception code: 0x40000015
Fault offset: 0x000000000022af96
Faulting process id: 0x1ee0
Faulting application start time: 0x01d45609884916a6
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: e01b1de4-c202-11e8-8ca3-402cf486f020

Error: (09/26/2018 07:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Exception code: 0x40000015
Fault offset: 0x000000000022af96
Faulting process id: 0x5d4
Faulting application start time: 0x01d455f6c85916ae
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: f883a7eb-c1fb-11e8-af51-402cf486f020

Error: (09/26/2018 05:20:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/26/2018 05:20:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/26/2018 05:19:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/26/2018 05:19:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (09/26/2018 05:19:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (09/27/2018 03:54:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/27/2018 03:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/27/2018 03:48:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The TunnelBear Maintenance service hung on starting.

Error: (09/26/2018 08:10:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/26/2018 07:29:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/26/2018 07:28:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

Error: (09/26/2018 07:24:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpHotkeyMonitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2018 07:24:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpHotkeyMonitor service to connect.


Windows Defender:
===================================
Date: 2016-07-25 14:56:13.887
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{11707ADB-6682-495C-9E05-FDF64F2B364D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-07-15 13:42:57.736
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{72D6BEE8-2B7A-4E13-B43E-50A852483A36}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-05-11 09:14:39.479
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{2E906847-EA11-4E5D-8D1A-C1057D80A8E0}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 69%
Total physical RAM: 8142.36 MB
Available physical RAM: 2512.93 MB
Total Virtual: 16282.9 MB
Available Virtual: 9591.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.11 GB) (Free:130.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.36 GB) (Free:2.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:2.13 GB) FAT32

\\?\Volume{ce54d045-70d4-11e4-bbec-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 037064DD)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt ============================
[/quote]
Ore

Re: Suspicious Behavior of Computer

Unread postby pgmigg » September 28th, 2018, 6:11 pm

Hi Ore,

Thank you for all the additional scans. Now we will start to clean your computer based on the scans...

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. I saw TCRB in the list of installed programs - if it is not so, please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Remove Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Click the Select all button next to Code: to select the entire script).
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click on each of the entries listed below in turn, if it exists, choose Uninstall, and give permission to Continue:
    Gyazo 3.3.2
    Java 8 Update 171
  4. When all programs have been uninstalled, please close Control Panel
  5. Reboot (restart) your computer.

Step 3.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Click Start and type notepad.exe in the search programs and files box and click Enter - a blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
    CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
    CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
    CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
    2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll
    2018-06-30 17:35 - 2018-06-30 17:35 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll
    2018-07-04 17:11 - 2018-07-04 17:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll
    2018-07-03 10:57 - 2018-07-03 10:57 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll
    2018-07-11 09:42 - 2018-07-11 09:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll
    2018-07-06 13:33 - 2018-07-06 13:33 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll
    2018-07-06 09:10 - 2018-07-06 09:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll
    2018-06-27 20:37 - 2018-06-27 20:37 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll
    2018-07-11 19:22 - 2018-07-11 19:22 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll
    2018-07-09 17:27 - 2018-07-09 17:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll
    2018-06-29 19:35 - 2018-06-29 19:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll
    2018-07-08 19:34 - 2018-07-08 19:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll
    2018-08-24 20:13 - 2018-08-24 20:13 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll
    2018-08-11 10:25 - 2018-08-11 10:25 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll
    2018-07-02 11:43 - 2018-07-02 11:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll
    2018-07-03 10:27 - 2018-07-03 10:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll
    2018-06-27 20:41 - 2018-06-27 20:41 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll
    2018-07-11 14:25 - 2018-07-11 14:25 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll
    2018-07-10 10:42 - 2018-07-10 10:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll
    2018-07-01 14:23 - 2018-07-01 14:23 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll
    2018-07-04 09:29 - 2018-07-04 09:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll
    2018-07-11 14:23 - 2018-07-11 14:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll
    2018-08-10 20:34 - 2018-08-10 20:34 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll
    2018-07-12 18:28 - 2018-07-12 18:28 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll
    2018-07-10 19:52 - 2018-07-10 19:52 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll
    2018-07-08 10:06 - 2018-07-08 10:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll
    2018-07-10 18:30 - 2018-07-10 18:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll
    2018-07-12 11:35 - 2018-07-12 11:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll
    2018-07-15 19:00 - 2018-07-15 19:00 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll
    2018-07-02 19:14 - 2018-07-02 19:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll
    2018-07-08 19:31 - 2018-07-08 19:31 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll
    2018-08-25 10:12 - 2018-08-25 10:12 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll
    2018-07-06 13:19 - 2018-07-06 13:19 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll
    2018-06-30 09:05 - 2018-06-30 09:05 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll
    2018-07-06 13:32 - 2018-07-06 13:32 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll
    2018-07-13 18:31 - 2018-07-13 18:31 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll
    2018-07-11 11:59 - 2018-07-11 11:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll
    2018-07-05 18:20 - 2018-07-05 18:20 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll
    2018-07-02 19:11 - 2018-07-02 19:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll
    2018-09-21 20:01 - 2018-09-21 20:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll
    2018-07-05 20:55 - 2018-07-05 20:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll
    2018-07-01 15:47 - 2018-07-01 15:47 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll
    2018-07-06 11:22 - 2018-07-06 11:22 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll
    2018-07-03 19:19 - 2018-07-03 19:19 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll
    2018-07-08 12:14 - 2018-07-08 12:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll
    2018-06-28 10:14 - 2018-06-28 10:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll
    2018-06-27 21:10 - 2018-06-27 21:10 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll
    2018-06-30 09:29 - 2018-06-30 09:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll
    2018-07-09 10:40 - 2018-07-09 10:40 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll
    2018-07-06 11:06 - 2018-07-06 11:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll
    2018-07-02 19:53 - 2018-07-02 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll
    2018-06-29 14:17 - 2018-06-29 14:17 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll
    2018-06-28 20:01 - 2018-06-28 20:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll
    2018-07-30 18:39 - 2018-07-30 18:39 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll
    2018-07-19 12:43 - 2018-07-19 12:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll
    2018-07-08 19:35 - 2018-07-08 19:35 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll
    2018-06-28 13:59 - 2018-06-28 13:59 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll
    2018-07-05 10:33 - 2018-07-05 10:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll
    2018-07-07 19:48 - 2018-07-07 19:48 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll
    2018-06-29 09:39 - 2018-06-29 09:39 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll
    2018-07-06 19:07 - 2018-07-06 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll
    2018-07-02 21:16 - 2018-07-02 21:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll
    2018-07-02 11:30 - 2018-07-02 11:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll
    2018-07-11 11:55 - 2018-07-11 11:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll
    2018-08-26 20:45 - 2018-08-26 20:45 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll
    Task: {56727B13-3A24-411A-91C6-EFC2345BFAF7} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
    Task: {9A398686-900B-4A96-A87F-2A84B2145AF0} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
    
    EmptyTemp:
    
  4. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  5. Right click on FRST64.exe and select Run as administrator.
  6. Press the Fix button one time only and wait.
  7. When FRST finishes you will be prompted to reboot your computer. Click OK.
  8. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 4.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on the UAC question and I Agree on the Welcome window.
  4. Click the Scan now button. If it asks for an update, please decline it by clicking No.
  5. On the Scan Results screen, please click the View Scan Results Log button and Notepad will open with the log file AdwCleaner[Sxx].txt.
  6. Close the AdwCleaner.
  7. Please post the contents of AdwCleaner[Sxx].txt log file with your next reply.
  8. You can also find the log file at C:\AdwCleaner[Sxx].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Content of the C:\AdwCleaner[Sxx].txt
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
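
A pre-flight check for a fixlist like the one in Step 3, as an added example that is not part of pgmigg's post and not an FRST feature: it groups the lines by type, counts the ATTENTION markers, and lists any file entry that does not sit under a Temp folder. The function name, the grouping labels and the "outside Temp" rule are assumptions made for this illustration; the sample input is constructed from lines in the same shape as the fixlist above.

```python
import re
from collections import Counter

# File entries as they appear in the fixlist above:
# "<timestamp> - <timestamp> - <size> <attributes> (<company>) <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "   # first timestamp
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "    # second timestamp
    r"(?P<size>\d+) (?P<attrs>\S+) "       # size and attribute flags
    r"\((?P<company>.*?)\) "               # company name from the file
    r"(?P<path>[A-Za-z]:\\.+)$"            # full path
)
# Stand-alone directives such as "CreateRestorePoint:" and "EmptyTemp:"
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")


def lint_fixlist(text):
    """Summarise a fixlist before it is run.

    Returns a dict with:
      kinds        - Counter of entry types (label choice is an assumption)
      attention    - number of lines carrying the "<==== ATTENTION" marker
      outside_temp - file entries whose path is not under a \\Temp\\ folder
                     (a reviewer's sanity rule, not FRST behaviour)
      unparsed     - lines that match none of the shapes handled here
    """
    kinds = Counter()
    outside_temp, unparsed = [], []
    attention = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            attention += 1
        match = FILE_RE.match(line)
        if match:
            kinds["file"] += 1
            path = match.group("path")
            if "\\temp\\" not in path.lower():
                outside_temp.append(path)
            continue
        if DIRECTIVE_RE.match(line):
            kinds["directive"] += 1
            continue
        # Everything else is "<Section>: <details>", e.g. "Task: {...} - ..."
        head, sep, _ = line.partition(": ")
        if not sep:
            unparsed.append(line)
            continue
        # Registry entries start with a hive name (HKLM, HKU, HKLM-x32, ...)
        kinds["Registry" if head.startswith("HK") else head] += 1
    return {
        "kinds": kinds,
        "attention": attention,
        "outside_temp": outside_temp,
        "unparsed": unparsed,
    }


# Constructed sample: lines copied in shape from the fixlist above, plus one
# made-up file entry (Example Vendor) that is deliberately outside Temp.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll
2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Example Vendor) C:\Users\Tam\Documents\example.dll
Task: {56727B13-3A24-411A-91C6-EFC2345BFAF7} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

EmptyTemp:
"""

if __name__ == "__main__":
    report = lint_fixlist(SAMPLE_FIXLIST)
    for kind, count in sorted(report["kinds"].items()):
        print(f"{kind:22} {count}")
    print("ATTENTION markers:", report["attention"])
    for path in report["outside_temp"]:
        print("file entry outside Temp:", path)
```
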