Malware/Virus - Ads - Windows 8.1 x64

jcgriff2



FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by PalmDesert (administrator) on SYSNATIVEFORUMS (Hewlett-Packard HP ENVY TS 17 Notebook PC) (26-06-2019 13:30:21)
Running from C:\Users\PalmDesert\Desktop
Loaded Profiles: PalmDesert & Administrator (Available Profiles: John & PalmDesert & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Validity Sensors, Inc.) [File not signed] C:\Windows\System32\valWBFPolicyService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [177928 2019-04-12] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-09-26] (Intel(R) Driver & Support Assistant -> Intel)
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PalmDesert\AppData\Local\Microsoft\Teams\Update.exe [1777776 2019-06-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {0caa05ea-c0b1-11e4-8288-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {2d3518a2-c34c-11e4-828a-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {32a1445a-5783-11e8-82e1-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {3f87e65b-0312-11e9-82ea-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {9494b24c-dfc9-11e3-8263-a0886915d40b} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\Windows\AppPatch\Custom\Custom64\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb [2012-05-29]
HKLM\Software\...\Authentication\Credential Providers: [AutorunsDisabled] ->
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-02-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-07-29]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass (Marvasol Inc) -> LastPass)
Startup: C:\Users\PalmDesert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2018-09-06] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E87B61-25FE-4272-801B-851BE25FC7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)
Task: {04AB8580-EE4D-49FD-A8FB-315813F670E8} - System32\Tasks\Opera scheduled Autoupdate 1475457497 => C:\Program Files (x86)\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {1A4FDA62-6898-45CD-A979-8CA64401752B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [28472 2013-08-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {1E580660-95FF-4253-8A15-0387C4D512C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-01-31] (HP Inc. -> HP Inc.)
Task: {20A5FA5A-C2FF-4FB3-8100-C56804240C5C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {25FFBFC5-A675-4EF3-B1F6-1DA2F857ECB6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1461392579-4181801996-906341333-1004UA => C:\Users\PalmDesert\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-15] (Google Inc -> Google Inc.)
Task: {27336AB6-2060-4FA2-99C0-EC625F1C44A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {29904C5F-FD3C-4D2E-9642-9235B117CED5} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [56704 2014-05-30] (TechSmith Corporation -> TechSmith Corporation)
Task: {39BDC308-691E-4120-9B0C-D44D86040A7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [974648 2015-01-21] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {44EF8524-1D2E-453F-A9A5-574CD0A29689} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [910024 2015-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {45F7152A-58E5-40D5-9C3D-8672A0D89CB5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4C256593-E1A7-421C-82BF-DAAAFBC52A53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1461392579-4181801996-906341333-1004Core => C:\Users\PalmDesert\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-15] (Google Inc -> Google Inc.)
Task: {4FAAEEE1-4480-4967-ADF5-3828A7F45F30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5121EC35-F40F-4AFB-9712-FBDC76F6AFA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {52E877E3-91ED-4EA8-917F-E0F760654723} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [910024 2015-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B7B8BA7-6F1D-472D-B32F-9A6CFE5401D2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {63666F3C-476E-4A0D-B5DF-1F1F50E60350} - System32\Tasks\{09942B19-4DF9-4CE5-BE33-16AB875C27E2} => C:\Windows\system32\pcalua.exe -a C:\Users\PalmDesert\_jcgriff2_\dbug\__Kernel__\CmdHerePowertoySetup.exe -d C:\Users\PalmDesert\Desktop
Task: {677E2792-0E75-46BA-8FBF-01E86FAB47BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {67B4EE09-5EAF-4397-9641-2B602AC7FB18} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {889026A9-FEDE-48B7-B282-CD07FA76553E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {97EB79F1-D48C-43A0-AC07-F5D8D750F0A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496 2013-08-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {AD7278EA-CD33-46D7-AE4F-60523885CF54} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B33A8D87-733A-41FF-B663-357A74CA28DD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {B5A3299E-3050-49DF-9B82-BF665E4A0588} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BC474247-4F1F-4E3F-B492-7EE991D5E8E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C6FE6C2D-A93F-447E-A05C-F3E8C21E13F2} - System32\Tasks\eM Client Database Backup (S-1-5-21-1461392579-4181801996-906341333-1004) => C:\Program Files (x86)\eM Client\DbBackup.exe
Task: {D74EA3CB-5B20-400F-873F-492CEDD4540F} - System32\Tasks\HPCeeScheduleForPalmDesert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704 2010-09-14] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {DE162FFB-1416-4E66-A6C2-9ACC1E45D9B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [24888 2013-08-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {E59D465A-00E5-42DD-A6F1-CADB6ABDF327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496 2013-08-29] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {F167E532-254A-4C2F-8962-DDB91167FD6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-26] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForPalmDesert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{313A666F-B3E9-430F-8E74-4F5BD5A183FE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EEB2BD5A-055E-49AD-86A8-CC361E7248D7}: [DhcpNameServer] 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.4,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.56.1,1]

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://www.google.com
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL--jcgriff2 = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-1004 -> {513D7703-C1B1-45B1-A914-1B92DED4F81B} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-1004 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL =
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-12-25] (LastPass (Marvasol Inc) -> LastPass)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-12-25] (LastPass (Marvasol Inc) -> LastPass)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-12-25] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-12-25] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKU\S-1-5-21-1461392579-4181801996-906341333-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1500180946189
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)

FireFox:
========
FF DefaultProfile: 0j1kkhgr.default
FF DefaultProfile: wgfeo89h.default
FF DefaultProfile: g6ylr5yj.default
FF ProfilePath: C:\Users\PalmDesert\AppData\Roaming\Waterfox\Profiles\0j1kkhgr.default [2019-02-24]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Waterfox\Profiles\0j1kkhgr.default\searchplugins\avg-secure-search.xml [2014-12-12]
FF ProfilePath: C:\Users\PalmDesert\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y4ghwpdm.default [2019-03-25]
FF Extension: (DOM Inspector) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y4ghwpdm.default\Extensions\inspector@mozilla.org [2017-07-04] [Legacy]
FF Extension: (ChatZilla) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y4ghwpdm.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-07-04] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\SeaMonkey\Profiles\y4ghwpdm.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2017-07-04] [Legacy]
FF ProfilePath: C:\Users\PalmDesert\AppData\Roaming\Mozilla\Firefox\Profiles\wgfeo89h.default [2019-06-25]
FF Homepage: Mozilla\Firefox\Profiles\wgfeo89h.default -> hxxps://www.google.com/
FF Extension: (LastPass: Free Password Manager) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\Firefox\Profiles\wgfeo89h.default\Extensions\support@lastpass.com.xpi [2019-06-06]
FF Extension: (Tab Auto Refresh) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\Firefox\Profiles\wgfeo89h.default\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2019-06-14]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\PalmDesert\AppData\Roaming\Mozilla\Firefox\Profiles\wgfeo89h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF ProfilePath: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default [2019-04-06]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default -> hxxps://www.google.com/
FF Extension: (DarkPitch) - C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2018-07-30] [Legacy] [not signed]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\dictionarycom.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\merriam-webster.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\openstreetmap.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\referencecom.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\the-weather-channel.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\webopedia.xml [2019-04-06]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\g6ylr5yj.default\searchplugins\youtube.xml [2019-04-06]
FF ProfilePath: C:\Users\PalmDesert\AppData\Roaming\KompoZer\Profiles\7mglok1p.default [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-08-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-24] (Adobe Systems Incorporated -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-29] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-24] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) [File not signed]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-29] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1461392579-4181801996-906341333-1004: @tools.google.com/Google Update;version=3 -> C:\Users\PalmDesert\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-1461392579-4181801996-906341333-1004: @tools.google.com/Google Update;version=9 -> C:\Users\PalmDesert\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc -> Google Inc.)
StartMenuInternet: Firefox-CAA81BCFEDD8FDC2 - C:\Program Files\Mozilla\Waterfox\waterfox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default [2019-06-26]
CHR Extension: (Google Drive) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-26]
CHR Extension: (YouTube) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-26]
CHR Extension: (Honey) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-06-15]
CHR Extension: (sound on click) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejchjkneplcffgcopialnjofdhhggjik [2019-05-15]
CHR Extension: (AdBlock) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-06-13]
CHR Extension: (Morpheon Dark) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-09-23]
CHR Extension: (No Name) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26]
CHR Extension: (Accurate Ruler) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemefhlbiinkcopbapnfghcnjhlgceof [2018-11-23]
CHR Extension: (Gmail) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-15]
CHR Profile: C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [462704 2018-12-07] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2019-03-15] (Microsoft Windows -> Microsoft Corporation)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation -> Microsoft Corporation)
S4 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-09-26] (Intel(R) Driver & Support Assistant -> Intel)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2359312 2019-04-12] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2359312 2019-04-12] (ESET, spol. s r.o. -> ESET)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [181512 2016-07-12] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] (Canon Inc. -> )
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S4 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S4 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S4 sesvc; C:\Program Files (x86)\ShadowExplorer_SystemRostore_ShadowCopyFiles\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2015-04-28] (Microsoft Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
S4 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S4 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [53424 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [145600 2019-03-14] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188240 2019-03-14] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [110000 2019-03-14] (ESET, spol. s r.o. -> ESET)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [40624 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [357648 2016-07-12] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] (Intel(R) Smart Connect software -> )
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] (Intel(R) Smart Connect software -> )
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-06-13] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3595832 2018-12-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-04-06] (Intel Corporation -> )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-26 13:30 - 2019-06-26 13:30 - 000000000 ____D C:\Users\PalmDesert\Desktop\FRST-OlderVersion
2019-06-25 19:52 - 2019-06-25 19:52 - 000000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altap Salamander (x64).lnk
2019-06-25 19:52 - 2019-06-25 19:52 - 000000973 _____ C:\Users\Public\Desktop\Salamander (x64).lnk
2019-06-25 19:51 - 2019-06-25 19:51 - 007297504 _____ (ALTAP) C:\Users\PalmDesert\Downloads\Altap_as308x64.exe
2019-06-25 19:41 - 2019-06-25 19:43 - 000000000 ____D C:\AdwCleaner
2019-06-25 11:42 - 2019-06-25 11:42 - 000002377 _____ C:\Users\PalmDesert\Desktop\Microsoft Teams.lnk
2019-06-25 11:42 - 2019-06-25 11:42 - 000000000 ____D C:\Users\PalmDesert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2019-06-25 11:42 - 2019-06-25 11:42 - 000000000 ____D C:\Users\PalmDesert\AppData\Roaming\Microsoft Teams
2019-06-25 11:41 - 2019-06-25 11:42 - 000000000 ____D C:\Users\PalmDesert\AppData\Local\SquirrelTemp
2019-06-25 09:20 - 2019-06-25 09:30 - 000008079 _____ C:\Users\PalmDesert\Desktop\Fixlog.txt
2019-06-17 14:47 - 2019-06-17 14:47 - 000000000 ____D C:\Users\PalmDesert\Documents\_______________WUNoAutoReboot
2019-06-17 14:23 - 2019-06-17 14:23 - 000001376 _____ C:\Users\PalmDesert\Documents\____________11a.reg
2019-06-13 10:44 - 2019-06-13 10:44 - 000001524 _____ C:\Users\PalmDesert\Desktop\mbam_06-13-2019.txt
2019-06-13 10:28 - 2019-06-13 10:28 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-06-13 10:28 - 2019-06-13 10:28 - 000001858 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-13 10:28 - 2019-06-13 10:28 - 000000000 ____D C:\Users\PalmDesert\AppData\Local\mbamtray
2019-06-13 10:28 - 2019-06-13 10:28 - 000000000 ____D C:\Users\PalmDesert\AppData\Local\mbam
2019-06-13 10:28 - 2019-06-13 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-13 10:28 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-06-13 10:27 - 2019-06-13 10:27 - 063182216 _____ (Malwarebytes ) C:\Users\PalmDesert\Desktop\mb3-setup-37469.37469-3.7.1.2839-1.0.586-1.0.10430.exe
2019-06-12 11:16 - 2019-06-26 13:30 - 002418688 _____ (Farbar) C:\Users\PalmDesert\Desktop\FRST64.exe
2019-06-11 15:12 - 2019-06-11 15:12 - 013126832 _____ (Adobe Inc.) C:\Users\PalmDesert\Downloads\adobe_shockwae_installer_12.3__sw_lic_full_installer.exe
2019-06-08 15:32 - 2019-06-08 15:32 - 001239752 _____ (Microsoft Corporation) C:\Users\PalmDesert\Downloads\WindowsLiveWriter2_wlsetup-web.exe
2019-06-08 15:20 - 2019-06-08 15:20 - 001146184 _____ (Microsoft Corporation) C:\Users\PalmDesert\Downloads\WindowsLiveWriter_wlsetup-web.exe
2019-06-03 14:20 - 2019-06-03 14:20 - 018352528 _____ (Corel Corporation) C:\Users\PalmDesert\Downloads\safari_browser_wzdu53.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-26 13:31 - 2015-04-15 03:10 - 000038658 _____ C:\Users\PalmDesert\Desktop\FRST.txt
2019-06-26 13:30 - 2017-09-30 02:12 - 000000000 ____D C:\FRST
2019-06-26 13:28 - 2014-11-13 08:40 - 005760434 _____ C:\Windows\ntbtlog.txt
2019-06-26 12:21 - 2014-09-19 01:04 - 000000000 ____D C:\Users\PalmDesert\AppData\LocalLow\Adblock Plus for IE
2019-06-26 10:37 - 2016-01-24 00:34 - 000003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{14885DA5-717C-413A-9054-BDC34AB446AA}
2019-06-25 19:59 - 2014-03-15 08:26 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1461392579-4181801996-906341333-1004
2019-06-25 19:52 - 2017-07-03 14:14 - 000000000 ____D C:\Program Files\a3.08
2019-06-25 19:45 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-25 19:44 - 2015-05-23 21:27 - 000000000 ____D C:\Program Files\a3.06
2019-06-25 19:44 - 2015-01-12 01:04 - 000000000 ____D C:\Program Files\a3.05
2019-06-25 19:44 - 2014-06-04 04:23 - 000000000 ____D C:\Program Files\a3.2
2019-06-25 19:44 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-06-25 18:07 - 2017-06-17 23:06 - 000000000 ____D C:\Program Files\Mozilla
2019-06-25 17:32 - 2014-06-12 23:10 - 000000000 ____D C:\Users\PalmDesert\AppData\Local\CrashDumps
2019-06-25 17:23 - 2014-09-22 10:03 - 000104448 ___SH C:\Users\PalmDesert\Desktop\Thumbs.db
2019-06-25 17:06 - 2014-06-04 07:36 - 000000000 ____D C:\symbols
2019-06-25 16:55 - 2016-03-20 11:45 - 000000000 ____D C:\_jcgriff2_
2019-06-25 16:41 - 2014-09-23 12:13 - 000000000 ____D C:\Program Files\a3.03
2019-06-25 15:57 - 2014-07-26 02:19 - 000000000 ____D C:\Users\PalmDesert\AppData\Roaming\vlc
2019-06-25 12:27 - 2019-03-31 18:52 - 000000000 ____D C:\Users\PalmDesert\Desktop\minidump
2019-06-25 09:48 - 2014-05-19 22:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-25 09:47 - 2014-03-15 08:21 - 000000000 ____D C:\Users\PalmDesert
2019-06-25 09:26 - 2014-11-11 02:24 - 000000000 ____D C:\Users\PalmDesert\AppData\LocalLow\Temp
2019-06-25 09:20 - 2018-12-20 21:02 - 000000208 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2019-06-25 09:20 - 2018-12-20 21:02 - 000000150 _____ C:\Windows\SysWOW64\winsevr.dat
2019-06-25 09:14 - 2016-08-13 15:10 - 000001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-06-25 09:14 - 2016-08-13 15:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-06-23 09:42 - 2017-01-07 01:28 - 000000000 ____D C:\Users\PalmDesert\AppData\LocalLow\Mozilla
2019-06-19 16:40 - 2014-03-15 08:22 - 000000000 ____D C:\Users\PalmDesert\Documents\Youcam
2019-06-18 15:31 - 2017-07-01 01:32 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-06-18 15:31 - 2016-10-02 21:18 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1475457497
2019-06-18 15:31 - 2016-10-02 21:18 - 000000000 ____D C:\Program Files (x86)\Opera
2019-06-16 13:08 - 2017-07-25 06:43 - 000003198 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1461392579-4181801996-906341333-1004
2019-06-16 13:07 - 2016-04-23 18:23 - 000002374 _____ C:\Users\PalmDesert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2019-06-15 12:52 - 2014-03-15 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-06-15 12:50 - 2017-04-13 21:07 - 000001025 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-06-15 12:50 - 2017-04-13 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-06-14 22:58 - 2017-12-27 22:49 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-13 10:45 - 2014-03-18 16:10 - 000000000 ____D C:\Users\Administrator
2019-06-13 10:28 - 2014-09-15 14:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-13 00:19 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-06-12 11:27 - 2015-04-15 03:11 - 000066536 _____ C:\Users\PalmDesert\Desktop\Addition.txt
2019-06-12 06:19 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-06-10 20:11 - 2018-12-11 21:41 - 000000384 _____ C:\Windows\Tasks\HPCeeScheduleForPalmDesert.job
2019-06-10 20:11 - 2013-08-22 10:44 - 000497280 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-10 20:10 - 2017-08-25 15:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-08 11:26 - 2017-02-09 21:45 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-06-05 09:28 - 2016-05-12 10:48 - 000015800 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2019-06-04 14:30 - 2017-04-23 22:32 - 000000000 ____D C:\Users\PalmDesert\AppData\Textpad File Backups - installed 04-23-2017
2019-05-31 12:40 - 2014-05-19 22:30 - 000000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories ================

2015-07-29 19:35 - 2015-07-29 19:35 - 016790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-10-10 16:11 - 2016-10-10 16:11 - 000026991 _____ () C:\Users\PalmDesert\AppData\Roaming\Comma Separated Values.ADR
2015-07-04 18:08 - 2015-07-04 18:08 - 000265023 _____ () C:\Users\PalmDesert\AppData\Roaming\Windows Live Writer.zip
2017-05-03 21:52 - 2017-05-03 21:52 - 000000600 _____ () C:\Users\PalmDesert\AppData\Roaming\winscp.rnd
2014-07-24 03:12 - 2014-07-24 03:12 - 000039839 _____ () C:\Users\PalmDesert\AppData\Local\Perfmon.PerfmonCfg
2017-05-08 15:40 - 2017-05-08 15:40 - 000004636 _____ () C:\Users\PalmDesert\AppData\Local\recently-used.xbel
2014-04-01 20:33 - 2018-10-09 16:10 - 000007694 _____ () C:\Users\PalmDesert\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-22 03:35
==================== End of FRST.txt ============================

Addition.txt log


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by PalmDesert (26-06-2019 13:31:38)
Running from C:\Users\PalmDesert\Desktop
Windows 8.1 (Update) (X64) (2014-03-06 02:01:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1461392579-4181801996-906341333-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1461392579-4181801996-906341333-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1461392579-4181801996-906341333-1003 - Limited - Enabled)
John (S-1-5-21-1461392579-4181801996-906341333-1001 - Administrator - Enabled) => C:\Users\John
PalmDesert (S-1-5-21-1461392579-4181801996-906341333-1004 - Administrator - Enabled) => C:\Users\PalmDesert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{5F4E8D94-3947-4019-9239-D2541C9A35F2}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{7A5E4942-A527-42E6-A5FC-95109B756CA8}) (Version: 3.5.1.7 - Intel) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Altap Salamander 3.08 (x64) (HKLM\...\Altap Salamander 3.08 (x64)) (Version: 3.08 - ALTAP)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Application Verifier x64 External Package (HKLM\...\{77F3D72C-465F-BD51-890E-CC3914B1365F}) (Version: 8.100.25984 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{A562D95E-887E-DACA-57C2-F39B08C58CCA}) (Version: 10.0.10075 - Microsoft) Hidden
Ashampoo Burning Studio 16 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.7 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.01 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM-x32\...\Canon MX470 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CmdHere Powertoy For Windows XP (HKLM-x32\...\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}) (Version: 1.00.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 12.1.34.0 - ESET, spol. s r.o.)
Event Log Explorer 4.3 (HKLM-x32\...\Event Log Explorer_is1) (Version: 4.3 - FSPro Labs)
Everything 1.4.1.877 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.877 (x86) - David Carpenter)
Far Manager 3 x64 (HKLM\...\{28851AE6-C23D-4596-8D70-3692B778EDA1}) (Version: 3.0.4949 - Eugene Roshal & Far Group)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.0.1 - Telerik)
Free Clipboard Viewer 3.0.1.0 (HKLM-x32\...\{FCDB66CF-06A8-46A1-8A5A-C2C4F7FB5223}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{D2CC454E-69D8-4640-B9EE-5A272DF3404C}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HxD Hex Editor 2.0 (HKLM\...\HxD_is1) (Version: 2.0 - Maël Hörz)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ef2ad7ab-dd41-48ed-ae53-f7fe3cd903d8}) (Version: 3.5.1.7 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intellisense Language Pack for UAPMobile 10 (HKLM-x32\...\{89985358-4BB5-4EEE-84A9-DC2EA9EA1F47}) (Version: 10.0.12558 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Pro (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\Teams) (Version: 1.2.00.13765 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1096.130 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Mozilla Firefox 67.0 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0 (x64 en-US)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.1 - Mozilla)
Mozilla Thunderbird 60.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-US)) (Version: 60.7.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{369EB3E3-3C92-95AF-FC08-EE8768CE2D04}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{CF3A1CA6-5E5E-B4BD-6CF1-363056816CA2}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Mail 1.0 (HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
Opera Stable 60.0.3255.170 (HKLM-x32\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pale Moon 28.4.0 (x64 en-US) (HKLM\...\Pale Moon 28.4.0 (x64 en-US)) (Version: 28.4.0 - Moonchild Productions)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
Pegasus Mail v4.72 (HKLM-x32\...\{6998396E-6D20-48FE-9200-4C9DFAFCED54}_is1) (Version: 4.72 - David Harris)
PhraseExpress Server v10.0.6 (HKLM-x32\...\PhraseExpress Server_is1) (Version: 10.0.6 - Bartels Media GmbH)
PhraseExpress v12.0.145 (HKLM-x32\...\PhraseExpress_is1) (Version: 12.0.145 - Bartels Media GmbH)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 10.0.4.198 - Recover Keys)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
Reko Decompiler (HKLM-x32\...\{6D695ECB-4E1B-41D7-AA99-FC9721183A93}) (Version: 0.7.1.0 - jklSoft)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 2.55 - Screaming Frog Ltd)
SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
SDK Debuggers (HKLM-x32\...\{A9F06890-9892-817F-EAD3-3E457AAC40B5}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SeaMonkey 2.29.1 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.29.1 (x86 en-US)) (Version: 2.29.1 - Mozilla)
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
Snagit 12 (HKLM-x32\...\{588591F5-74D7-4646-87C5-6A07E526F303}) (Version: 12.3.2 - TechSmith Corporation)
Snagit Stamps Green-Letters (HKLM-x32\...\{018BD7C8-4113-11E1-A9E6-C0BD4724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Green-Numbers (HKLM-x32\...\{FBEC8682-4112-11E1-92F9-ABBD4724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Orange-Letters (HKLM-x32\...\{26E5FC52-4117-11E1-9874-03C34724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Orange-Numbers (HKLM-x32\...\{22EDAC30-4117-11E1-BA47-02C34724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Purple-Letters (HKLM-x32\...\{483B10D6-4117-11E1-925B-27C34724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Purple-Numbers (HKLM-x32\...\{4B777136-4117-11E1-AE24-28C34724019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Windows-Interface (HKLM-x32\...\{39375D14-42D0-11E1-8E6B-27824824019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Snagit Stamps Windows-Keyboard (HKLM-x32\...\{F26248F2-4146-11E1-8A7A-88034824019B}) (Version: 1.0.0.0 - TechSmith Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
TextPad 8 (HKLM\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
UAP 10 SDK AddOn - x86 (HKLM-x32\...\{2A97F7F6-5F89-4F06-AB5E-2243168DD687}) (Version: 10.0.12558 - Microsoft Corporation) Hidden
UAPMobile 10 SDK - ARM (HKLM-x32\...\{95CAFA00-1C46-4E92-9C7D-255B7ACEF4D5}) (Version: 10.0.12558 - Microsoft Corporation) Hidden
UAPMobile 10 SDK - x86 (HKLM-x32\...\{AC9ED7AA-DD0D-493C-A79F-E76E598EEB35}) (Version: 10.0.12558 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{19A474B2-0CE5-9F34-85C9-E2FE94E89DDB}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5FFE555C-8CD3-FDF0-5327-A99B30D17720}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{DF34AAAE-5C9E-782F-38D0-E9BDB71CED3C}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{DDA0961C-8FAD-2EB3-8F77-3DC643587DC7}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for Skype for Business 2015 (KB4464547) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9D5BB171-BCE3-4C47-96AC-F062BD5BB7F6}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464547) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9D5BB171-BCE3-4C47-96AC-F062BD5BB7F6}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464547) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9D5BB171-BCE3-4C47-96AC-F062BD5BB7F6}) (Version: - Microsoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Vbsedit (HKLM\...\Vbsedit) (Version: 7.117.0.0 - Adersoft)
Vbsedit 32-bit (HKLM-x32\...\Vbsedit 32-bit) (Version: 7.117.0.0 - Adersoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{465A6063-6A4F-4290-B3F2-E71A83E0274A}) (Version: 3.18.0301 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{98329023-0924-4F0B-8856-EC3D5D18404D}) (Version: 3.17.0701 - Samsung Electronics Co., Ltd.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watcher Web Security Tool (HKLM-x32\...\Watcher Web Security Tool) (Version: 1.5.8 - Casaba Security, LLC.)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WildEdit (HKLM\...\{94969FCB-9079-4B2F-AC6A-E76FAF7DF673}) (Version: 2.2.0 - Helios Software Solutions)
WinAppDeploy (HKLM-x32\...\{D0DA7734-EA95-F227-FC21-54B88283E0FC}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\WinDirStat) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Intel (NETwNb64) net (07/21/2014 17.1.0.19) (HKLM\...\DFD77BC88FCDAB7756A7118A24652400028114C3) (Version: 07/21/2014 17.1.0.19 - Intel)
Windows Driver Package - Intel (NETwNe64) net (08/05/2014 15.14.0.2) (HKLM\...\9D60642D672AB76E4E30B4DD4DFF404F1F41E5C6) (Version: 08/05/2014 15.14.0.2 - Intel)
Windows Driver Package - Intel (NETwNs64) net (07/22/2014 15.13.0.2) (HKLM\...\CFFA790B2E30D10D1C999BCAE43FE5F95339385D) (Version: 07/22/2014 15.13.0.2 - Intel)
Windows Driver Package - Intel net (07/21/2014 17.1.0.19) (HKLM\...\C036D1587CC33B359A91124A86C4A2799F552A95) (Version: 07/21/2014 17.1.0.19 - Intel)
Windows Driver Package - Intel net (07/22/2014 15.13.0.2) (HKLM\...\EDEC77655623290152D5785E99A3C58B8BD2AEAF) (Version: 07/22/2014 15.13.0.2 - Intel)
Windows Driver Package - Intel net (08/05/2014 15.14.0.2) (HKLM\...\77A0846FECA67C4F25C7EA350ABDF2C8C9A7DBBE) (Version: 08/05/2014 15.14.0.2 - Intel)
Windows Software Development Kit - Windows 10.0.10075 (HKLM-x32\...\{d46d7f88-dc0a-4d24-b834-bbed388e3993}) (Version: 10.0.10075 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.1 - HTTrack)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{F4DCD55C-DE1F-6BA0-40E7-DE4DE4661164}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{3F081A6A-C7F4-E87B-3CB3-1C6AE48A31CA}) (Version: 10.0.10075 - Microsoft Corporation) Hidden
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
WPT Redistributables (HKLM-x32\...\{423AC12A-4BDA-58C0-99EF-DD7D7B3DBC5E}) (Version: 10.0.10075 - Microsoft) Hidden
WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.25984 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{7070E1F9-639C-E346-EE20-E5EE1E48DB8B}) (Version: 10.0.10075 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.25984 - Microsoft) Hidden

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.1.68_x86__qt5r5pa5dyg8m [2018-11-25] (WildTangent Games)
Bing Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Bing Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Box -> C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee [2018-11-25] (Box, Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.7.0.1_neutral__6e5tt8cgb93ep [2019-03-17] (Canon Inc.)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.3.0.44_neutral__1618n3s9xq8tw [2018-11-25] (eBay, Inc)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_1.0.13109.1_x86__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.100.0_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.2.4.35_neutral__v10z8vjag6ke6 [2018-11-25] (Hewlett-Packard Company)
HP Connected Photo powered by Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_1.9.123.1118_neutral__v10z8vjag6ke6 [2018-11-25] (Hewlett-Packard Company)
HP File Viewer -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_0.9.5.0_neutral__v10z8vjag6ke6 [2018-11-25] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.141_neutral__v10z8vjag6ke6 [2018-11-25] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.0.0.0_neutral__stfe6vwa9jnbp [2018-11-25] (AMZN Mobile LLC)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_2.0.0.1_x64__4ehj4w4frejdr [2018-11-25] (.-McAfee Inc-.)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2018-11-25] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2018-11-25] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2018-11-25] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2018-11-25] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.41.0_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.10.0.56_x64__mcm4njqhnhss8 [2018-11-25] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Savings Center Featured Offers -> C:\Program Files\WindowsApps\AD2F1837.SavingsCenterFeaturedOffers_1.5.0.8_neutral__v10z8vjag6ke6 [2018-11-25] (Hewlett-Packard Company)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c [2018-11-25] (Skype) [MS Ad]
sMedio 360 -> C:\Program Files\WindowsApps\sMedioforHP.sMedio360_1.0.0.88_neutral__6rpkpt94r6t1w [2018-11-25] (sMedio Inc.)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_1.6.4.30605_x86__8wekyb3d8bbwe [2018-11-25] (Microsoft Studios) [MS Ad]
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.174_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe [2018-11-25] (Microsoft Corporation) [MS Ad]
Wordament -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_1.0.1.41_x86__8wekyb3d8bbwe [2018-11-25] (Microsoft Studios) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.26950_x86__06qsbagp91rvg [2018-11-25] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19106.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1461392579-4181801996-906341333-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PalmDesert\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc -> Google Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] () [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-04-06] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-04-06] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers1_S-1-5-21-1461392579-4181801996-906341333-1004: [TextPad] -> {8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54} => C:\Program Files\TextPad 7\System\shellext64.dll -> No File
ContextMenuHandlers1_S-1-5-21-1461392579-4181801996-906341333-1004: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2017-03-07] (Helios Software Solutions Ltd -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-28 13:31 - 2014-03-28 13:31 - 002110464 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 000065024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-03-28 13:27 - 2014-03-28 13:27 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2019-06-25 19:52 - 2016-12-27 10:36 - 000013312 _____ (ALTAP) [File not signed] C:\Program Files\a3.08\utils\salextx64.dll
2014-06-12 23:22 - 2014-05-17 03:03 - 000219136 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2017-02-09 21:44 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2014-03-28 13:29 - 2014-03-28 13:29 - 000692224 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-12-20 13:23 - 2013-08-16 09:21 - 000339456 ____N (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2013-12-20 13:23 - 2013-08-16 09:21 - 001703424 ____N (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
2013-08-22 15:08 - 2013-08-22 15:08 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-08-22 15:08 - 2013-08-22 15:08 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-01 12:03 - 2013-08-01 12:03 - 000032768 _____ (Validity Sensors, Inc.) [File not signed] C:\Windows\system32\valWBFPolicyService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\youtube.com -> hxxps://www.youtube.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-09-27 19:48 - 000002195 _____ C:\Windows\system32\drivers\etc\hosts

104.247.78.250 dev.sysnative.com
127.0.0.1 http://img.stb.s-msn.com
127.0.0.1 http://img.stb.s-msn.com/usappex/tenant/amp/entityid/BB57ki9.jpg?h=150&w=310&m=6
127.0.0.1 img.stb.s-msn.com
127.0.0.1 http://b.scorecardresearch.com/b?c1=8&c2=17570528&c3=1&ns__t=1411394744813&ns_c=windows-1252&c8=Tech Support Forum&c7=http://www.techsupportforum.com/forums/&c9=http://www.techsupportforum.com/forums/members/jcgriff2-185203.html
127.0.0.1 b.scorecardresearch.com
127.0.0.1 www.scorecardresearch.com
127.0.0.1 as.chango.com
127.0.0.1 ds.serving-sys.com
127.0.0.1 cookthefood.com
127.0.0.1 gardengirly.com
127.0.0.1 fashionitch.com
127.0.0.1 startinghobbies.com
127.0.0.1 educationalgardens.com
127.0.0.1 easyrecipesite.com
127.0.0.1 thedailywardrobe.com
127.0.0.1 www.searchincognito.com
127.0.0.1 offer.alibaba.com
127.0.0.1 lp.legendsofhonor.com
127.0.0.1 workingupdate.preparedupdate.top
127.0.0.1 pqg9f254.tech
127.0.0.1 s0.2mdn.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\AOMEI Backupper;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: DSAService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: sesvc => 2
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{FFC6D625-F3C9-4085-A52A-B241D521D6FF}C:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) C:\program files (x86)\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [UDP Query User{E2813BD6-0BCE-4086-9693-67FD90B9EC38}C:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) C:\program files (x86)\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [{9229A9B0-EABD-4795-AF05-207B51148F78}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FD60CEA-FA4F-4302-981E-1CFEBCB306DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{035E2738-1976-4867-847C-809002079049}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E904373-AB33-4115-B48F-8581EE31DCCF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C70283B7-7C78-4696-AB1C-74DC253EA93A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{11DF44AD-115D-458F-8C2A-36EF52836824}C:\users\palmdesert\downloads\microsoft-rogue-checker\roguechecker.exe] => (Allow) C:\users\palmdesert\downloads\microsoft-rogue-checker\roguechecker.exe (Microsoft) [File not signed]
FirewallRules: [UDP Query User{553D0E4E-107D-459A-A5D8-489ACA7D0435}C:\users\palmdesert\downloads\microsoft-rogue-checker\roguechecker.exe] => (Allow) C:\users\palmdesert\downloads\microsoft-rogue-checker\roguechecker.exe (Microsoft) [File not signed]
FirewallRules: [{38F572D0-078A-4963-BAB4-EDA806A5B423}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{878538DA-68E4-4D36-9B7E-B2F89E0A745A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CB27E331-6C29-4735-916D-AE67E92A24B7}C:\program files\a3.08\salamand.exe] => (Allow) C:\program files\a3.08\salamand.exe (ALTAP, spol. s r.o. -> ALTAP)
FirewallRules: [UDP Query User{59AF56C2-F0CD-49D1-9C45-B82C90E7F34A}C:\program files\a3.08\salamand.exe] => (Allow) C:\program files\a3.08\salamand.exe (ALTAP, spol. s r.o. -> ALTAP)
FirewallRules: [TCP Query User{608614AC-891D-41C1-BFD6-C99F8F4C6A55}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{67322D88-14B8-4F91-9BA1-B0DF995297EB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0DA33E38-3CE5-4416-9863-267A4067347D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{617514BF-7E38-41D0-A8B1-3DD9AE4B311F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{843A67E3-0436-4F2E-B438-D0263094B5C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{82CBE5F5-E893-489B-9740-8BE6F0E75442}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A678F53B-691E-47B8-ABE6-EDC24A15B279}] => (Allow) C:\Program Files\Mozilla\Waterfox\waterfox.exe No File
FirewallRules: [{CF3CA27B-C92E-4ED2-86E7-E2B7DB02CBE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [TCP Query User{830CE8A1-04F4-429C-BC1F-170B1B8BD34B}C:\program files (x86)\microsoft office\office15\excel.exe] => (Allow) C:\program files (x86)\microsoft office\office15\excel.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CB7E4A9A-4291-4189-8955-8235C2BDB1D3}C:\program files (x86)\microsoft office\office15\excel.exe] => (Allow) C:\program files (x86)\microsoft office\office15\excel.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF41F297-9CEA-4B1F-BA76-35E3C4172438}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{3CD0D85D-C324-4B91-9EDC-311FF3D90905}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{C78B0635-367F-49BE-939F-F1BBBF9CDE35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{31BC8155-ECA9-4B24-AEB6-D715B9F3BC55}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions) [File not signed]
FirewallRules: [{20951967-2EFB-416A-AC47-AC12997A233A}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions) [File not signed]
FirewallRules: [{8E48900B-0E34-4456-BDD5-02F31463B37E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DE3EB276-E484-42F2-A928-AB9FC4007124}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E6B932F-F601-436C-8D4E-C4F6173F4CD4}] => (Allow) C:\Program Files (x86)\Opera\60.0.3255.151\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{BA283666-8F75-4C13-8DC7-80DA40EF39CE}] => (Allow) C:\Program Files (x86)\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

11-06-2019 15:13:43 b4 adobe shockwave installation - jcgriff2 - 06-11-2019
17-06-2019 14:44:21 jcgriff2 06-17-2019 - b4 regedits
25-06-2019 02:11:36 Scheduled Checkpoint
25-06-2019 09:20:15 Restore Point Created by FRST
25-06-2019 16:43:45 Removed Microsoft Silverlight 3 SDK
25-06-2019 18:11:00 Removed Microsoft Silverlight 4 SDK

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2019 06:04:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f3c

Start Time: 01d52b9fc752994d

Termination Time: 4294967295

Application Path: C:\Windows\system32\backgroundTaskHost.exe

Report Id: bb10be27-9793-11e9-82f4-a01d48c2bd4c

Faulting package full name: Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews

Error: (06/25/2019 03:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4e5c

Start Time: 01d52b8ceb2f44a6

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\wwahost.exe

Report Id: e13331de-9780-11e9-82f4-a01d48c2bd4c

Faulting package full name: Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/25/2019 03:24:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 47c4

Start Time: 01d52b8ad2d077e2

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\wwahost.exe

Report Id: c937d9a5-977e-11e9-82f4-a01d48c2bd4c

Faulting package full name: Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/25/2019 09:20:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7432b08c-76b2-450f-88f1-9795bf396a85}

Error: (06/17/2019 12:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdblockPlusEngine.exe, version: 1.5.0.0, time stamp: 0x56017eff
Faulting module name: AdblockPlusEngine.exe, version: 1.5.0.0, time stamp: 0x56017eff
Exception code: 0xc0000409
Fault offset: 0x00000000002cb73c
Faulting process id: 0x2604
Faulting application start time: 0x01d52087385bb800
Faulting application path: C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
Faulting module path: C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
Report Id: 36f79186-9120-11e9-82f3-a01d48c2bd4c
Faulting package full name:
Faulting package-relative application ID:

Error: (06/16/2019 04:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 844

Start Time: 01d51fea567bf186

Termination Time: 769

Application Path: C:\Windows\Explorer.EXE

Report Id: 4dc20942-9012-11e9-82f3-a01d48c2bd4c

Faulting package full name:

Faulting package-relative application ID:

Error: (06/10/2019 01:30:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24568

Start Time: 01d51947c748787b

Termination Time: 12884

Application Path: C:\Windows\Explorer.EXE

Report Id: 5ad80a45-8ba5-11e9-82f2-a01d48c2bd4c

Faulting package full name:

Faulting package-relative application ID:

Error: (06/07/2019 07:30:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SYSNATIVEFORUMS)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/26/2019 11:15:25 AM) (Source: DCOM) (EventID: 10010) (User: SYSNATIVEFORUMS)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (06/26/2019 11:14:55 AM) (Source: DCOM) (EventID: 10010) (User: SYSNATIVEFORUMS)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (06/26/2019 03:53:56 AM) (Source: DCOM) (EventID: 10010) (User: SYSNATIVEFORUMS)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (06/26/2019 03:53:26 AM) (Source: DCOM) (EventID: 10010) (User: SYSNATIVEFORUMS)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (06/25/2019 07:43:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/25/2019 07:43:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/25/2019 07:43:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/25/2019 07:43:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2015-06-03 02:39:21.355
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B602639D-C97F-4E39-A242-4E20D6B48A5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-06-03 02:15:48.456
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C5519AD1-3D59-4595-976E-E0BB820394B4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-06-03 01:41:05.808
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {696F6EA4-0BE3-4E93-A020-81C739A9F197}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-06-03 01:09:45.093
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9F94B921-BF51-42A1-8678-08664DBB1AD3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-06-03 00:11:56.887
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2015-06-03 00:11:16.847
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2015-06-03 00:10:12.812
Description:
Windows Defender engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource:

Date: 2015-06-03 00:10:12.812
Description:
Windows Defender engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource:

Date: 2015-06-03 00:09:35.817
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

CodeIntegrity:
===================================

Date: 2017-07-08 21:46:35.076
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\SysInternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-03 02:39:21.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:21.244
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:21.048
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:20.908
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:20.762
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:20.620
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-03 02:39:20.473
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.70 10/20/2017
Motherboard: Hewlett-Packard 1965
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 22%
Total physical RAM: 12220.02 MB
Available physical RAM: 9490.78 MB
Total Virtual: 18876.02 MB
Available Virtual: 16414.66 MB

==================== Drives ================================

Drive a: (sysnative + carrona sites) (Fixed) (Total:442.92 GB) (Free:142.96 GB) NTFS
Drive c: (Windows 8.1 x64) (Fixed) (Total:465.59 GB) (Free:54.39 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.22 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2499bc9f-9411-46a5-a1f0-e2f55f7e3a37}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt ============================
 
Let's start with a bit of "manual work".
  1. The version of Flash Player for Firefox and Pale Moon needs to be updated. The direct download link is https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe.
  2. Pale Moon is several updates behind. The current version is 28.5.2. To get the update, select "Help" from the Pale Moon menu at the upper left of the browser window. Click About Pale Moon and Check for Updates.
  3. Adobe Shockwave Player reached EoL (End of Life) on April 9, 2019. Thus, since it is no longer supported and not updated, I strongly suggest you uninstall it.
  4. HijackThis hasn't been supported for a very long time so you may want to uninstall it as well.
  5. With Google Chrome, it is necessary to manually remove Chrome Extensions and then clean up any remnants. In Chrome’s address bar type chrome://extensions. Look for the following and select Remove for each:
    • CHR Extension: (No Name) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-06-10]
    • CHR Extension: (Chrome Web Store Payments) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26]

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL--jcgriff2 = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Waterfox\Profiles\0j1kkhgr.default\searchplugins\avg-secure-search.xml [2014-12-12]
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {0caa05ea-c0b1-11e4-8288-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {2d3518a2-c34c-11e4-828a-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {32a1445a-5783-11e8-82e1-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {3f87e65b-0312-11e9-82ea-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {9494b24c-dfc9-11e3-8263-a0886915d40b} - "F:\VZW_Software_upgrade_assistant.exe"
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Hi Corrine. . .

Thank you for your continued help and support on this.

Question, please - my Mom's laptop is infected with these ads too. Her ad problems started a few days before mine did, I learned. Is it possible that she got infected, then the infection/malware got into my system via our network (wifi)? We do not have a server here nor do we have file sharing turned on. Mom tends to go to sites that result in infections -- at least that's what has happened in the past. But prior infections have always been limited to her two laptops. I've NEVER been infected or had problems ever before this.

I successfully updated Flash Player and Pale Moon.

I uninstalled Adobe Shockwave Player and tried to uninstall HiJackThis, but got this error message for HJT:



I used my Altap File Manager to search files + the registry, locating pieces of HJT throughout my system and deleted them. I did find hijackthis.exe on my Desktop. No sign of HJT in \Program Files anywhere.

I did reinstall HJT hoping that it would fix the problem with the uninstaller, but it did not.

EDIT:

jcgriff2 said:
No sign of HJT in \Program Files anywhere.

That mystery (no HJT in \Program Files) has now been solved.

I found components of HJT in the Virtual Store folders in both the local file system and the registry. HJT would have ended up in the Virtual Store if a post-installation procedure (or perhaps even the installation program itself) tried to write items to \Program Files (local files) or the Wow6432Node (registry) after the installation (or again... during installation, but less likely).

RE: Chrome extensions - 6-10-2019 sounds just about right for the beginning date of the ads.

Would it be OK and easier if I were to just uninstall Chrome; re-boot; then reinstall Chrome? i.e., would it have the same net effect as manually ridding my system of the extensions? (and be much faster?).

I must say that I never had such problems with Internet Explorer! :-)

Corrine said:
With Google Chrome, it is necessary to manually remove Chrome Extensions and then clean up any remnants. In Chrome’s address bar type chrome://extensions. Look for the following and select Remove for each:
  • CHR Extension: (No Name) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-06-10]
  • CHR Extension: (Chrome Web Store Payments) - C:\Users\PalmDesert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26]

Only 3 extensions appeared:



Where else would I look for the other extensions?

I'll run FRST shortly and will post the logs.

Thanks,

John
 

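Added example (not part of the original posts, and not FRST's or Chrome's own code): FRST reports Chrome extensions by their on-disk folder under `User Data\<profile>\Extensions\<id>`, so one way to reconcile its list with what chrome://extensions shows is to enumerate those folders and read each `manifest.json`. The function names and the sample tree built by `build_constructed_sample` are constructed for illustration; the only path assumed is the `%LOCALAPPDATA%\Google\Chrome\User Data` location seen in the log above.

```python
import json
import os
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs use only the letters a-p


def display_name(version_dir, manifest):
    """Return the extension's name, resolving a __MSG_key__ placeholder
    from _locales/<default_locale>/messages.json when that file is readable."""
    name = manifest.get("name", "")
    placeholder = re.fullmatch(r"__MSG_(.+)__", name)
    if not placeholder:
        return name or "(no name in manifest)"
    locale = manifest.get("default_locale", "en")
    path = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder visible
    for key, entry in messages.items():
        # message keys are matched case-insensitively
        if key.lower() == placeholder.group(1).lower() and isinstance(entry, dict):
            return entry.get("message", name)
    return name


def list_extensions(user_data_dir):
    """Walk every profile's Extensions folder and describe what is on disk."""
    rows = []
    for ext_root in sorted(Path(user_data_dir).glob("*/Extensions")):
        if not ext_root.is_dir():
            continue
        profile = ext_root.parent.name
        for id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
            if not EXT_ID.match(id_dir.name):
                continue  # skip folders that are not extension IDs
            row = {"profile": profile, "id": id_dir.name,
                   "version": None, "name": None, "status": "ok"}
            versions = sorted(p for p in id_dir.iterdir() if p.is_dir())
            manifests = [v / "manifest.json" for v in versions
                         if (v / "manifest.json").is_file()]
            if not manifests:
                # An ID folder with nothing loadable in it: a leftover to clean up.
                rows.append(dict(row, status="remnant: no manifest.json"))
                continue
            for mf in manifests:
                try:
                    manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
                except (OSError, ValueError):
                    rows.append(dict(row, status="unreadable manifest.json"))
                    continue
                rows.append(dict(row, version=manifest.get("version"),
                                 name=display_name(mf.parent, manifest)))
    return rows


def build_constructed_sample(root):
    """Create a small, constructed profile tree (not data from the thread)."""
    ext = Path(root) / "Default" / "Extensions"
    plain = ext / ("a" * 32) / "1.2.0_0"
    plain.mkdir(parents=True)
    (plain / "manifest.json").write_text(
        json.dumps({"name": "Plain Name", "version": "1.2.0"}))
    localized = ext / ("b" * 32) / "0.9_0"
    (localized / "_locales" / "en").mkdir(parents=True)
    (localized / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "version": "0.9", "default_locale": "en"}))
    (localized / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appname": {"message": "Localized Name"}}))
    (ext / ("c" * 32)).mkdir()   # empty ID folder: a remnant
    (ext / "Temp").mkdir()       # not an extension ID, ignored


def demo():
    """Run the listing over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        return list_extensions(root)


if __name__ == "__main__":
    real = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    rows = list_extensions(real) if real.is_dir() else demo()
    for r in rows:
        print(f'{r["profile"]:<10} {r["id"]}  {r["version"] or "-":<10} '
              f'{r["name"] or "-"}  [{r["status"]}]')
```

Run on the affected account, any ID that appears here but not in chrome://extensions is a folder left on disk rather than a loaded extension.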
As to your Mom's machine, it would be best to consider that separately.

Yes, actually, John, considering the issues you've been having, that may be a good idea. However, it isn't merely uninstalling it. There are other folders to be removed as well. See How to Uninstall Chrome Completely and Remove Files and Folders (2019).

Edit Note: I'll likely be tied up the rest of the evening so probably won't take a close look at your log until after I've had sufficient coffee tomorrow.
 
FRST Fix Log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by PalmDesert (27-06-2019 17:22:25) Run:2
Running from C:\Users\PalmDesert\Desktop
Loaded Profiles: PalmDesert & Administrator (Available Profiles: John & PalmDesert & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL--jcgriff2 = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1461392579-4181801996-906341333-500 -> {E605DCC0-EE53-4428-9DF6-8405C7CB53CC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
FF SearchPlugin: C:\Users\PalmDesert\AppData\Roaming\Waterfox\Profiles\0j1kkhgr.default\searchplugins\avg-secure-search.xml [2014-12-12]
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {0caa05ea-c0b1-11e4-8288-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {2d3518a2-c34c-11e4-828a-a01d48c2bd4c} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {32a1445a-5783-11e8-82e1-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {3f87e65b-0312-11e9-82ea-a01d48c2bd4c} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\...\MountPoints2: {9494b24c-dfc9-11e3-8263-a0886915d40b} - "F:\VZW_Software_upgrade_assistant.exe"
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\S-1-5-21-1461392579-4181801996-906341333-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL--jcgriff2" => removed successfully
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1461392579-4181801996-906341333-500\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => removed successfully
HKLM\Software\Classes\CLSID\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => removed successfully
HKLM\Software\Classes\CLSID\{E605DCC0-EE53-4428-9DF6-8405C7CB53CC} => not found
HKLM\System\CurrentControlSet\Services\clwvd => removed successfully
clwvd => service removed successfully
C:\Users\PalmDesert\AppData\Roaming\Waterfox\Profiles\0j1kkhgr.default\searchplugins\avg-secure-search.xml => moved successfully
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0caa05ea-c0b1-11e4-8288-a01d48c2bd4c} => removed successfully
HKLM\Software\Classes\CLSID\{0caa05ea-c0b1-11e4-8288-a01d48c2bd4c} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d3518a2-c34c-11e4-828a-a01d48c2bd4c} => removed successfully
HKLM\Software\Classes\CLSID\{2d3518a2-c34c-11e4-828a-a01d48c2bd4c} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32a1445a-5783-11e8-82e1-a01d48c2bd4c} => removed successfully
HKLM\Software\Classes\CLSID\{32a1445a-5783-11e8-82e1-a01d48c2bd4c} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f87e65b-0312-11e9-82ea-a01d48c2bd4c} => removed successfully
HKLM\Software\Classes\CLSID\{3f87e65b-0312-11e9-82ea-a01d48c2bd4c} => not found
HKU\S-1-5-21-1461392579-4181801996-906341333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9494b24c-dfc9-11e3-8263-a0886915d40b} => removed successfully
HKLM\Software\Classes\CLSID\{9494b24c-dfc9-11e3-8263-a0886915d40b} => not found
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32719781 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 409925 B
Edge => 0 B
Chrome => 116653431 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2480 B
NetworkService => 0 B
John => 0 B
PalmDesert => 13629840 B
Administrator => 0 B
RecycleBin => 4003538 B
EmptyTemp: => 167.7 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 17:23:24 ====
 
I found out what infected me from my Google history on 13 June 2019.

A family member downloaded an app that installed "yourpdfpal"

yourpdfpal - Google Search

I don't see it anywhere in my files under that name.
 
First and foremost, do not go to the "2-remove-virus" website listed on Google. @iMacg3 and I were discussing this and we both feel the best option is to uninstall Google Chrome (link from above: How to Uninstall Chrome Completely and Remove Files and Folders (2019)). However, if you would prefer, you can try the following first since it does not show up in installed programs and you've already checked Chrome for the extension and didn't find it.

Scan with Malwarebytes:
  • Launch Malwarebytes and click on Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.

Scan with AdwCleaner:
  • Right-click on AdwCleaner.exe and select Run As Administrator
  • Click on the Scan button.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.
 
I will be out for a few hours and will run scans when I get home.

And uninstall Chrome.
 
Hi,

Can you take a screenshot of the popups? Instructions to do so can be found here.
 
Before reading the replies since my last post, I used my 3rd party file manager with a registry interface, Altap Salamander, to scan the registry for "yourpdfpal" and it found many entries - all in binary (Altap can convert binary to text on the fly). I then proceeded to delete all of those registry items and now the ads have stopped.

I'll see if they return over the next few days.

Thank you,

John
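
The kind of search described in the post above, as an added example that is not part of the original thread and not the code of any tool named in it: a read-only scan of a regedit text export that decodes `hex:` values as UTF-16LE, so a keyword stored in binary data is still found. The sample export, its key names and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit export (.reg) text form. Key paths and values
# are made up for illustration and do not come from the system in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\Notifications]
"Blob"=hex:79,00,6f,00,75,00,72,00,70,00,64,00,66,00,70,00,61,00,6c,00,2e,00,\
  65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,00,00
"Count"=dword:00000003

[HKEY_CURRENT_USER\Software\ExampleVendor\Other]
"Path"="C:\\Tools\\viewer.exe"
"Raw"=hex:01,02,03,04
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX = re.compile(r'hex(?:\([0-9a-fA-F]+\))?:(.*)$')

def iter_values(reg_text):
    """Yield (key, name, data) per value; a real export is read with encoding='utf-16'."""
    key, buf = None, ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):            # hex data continues on the next line
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            yield key, name, m.group(2)

def decode_candidates(data):
    """Return the text renderings of one value: the string itself, or binary as UTF-16LE and Latin-1."""
    if data.startswith('"'):
        return [re.sub(r'\\(.)', r'\1', data[1:-1])]
    m = HEX.match(data)
    if not m:
        return []                          # dword and other non-text types
    blob = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    return [blob.decode("utf-16-le", "ignore"), blob.decode("latin-1")]

def find_keyword(reg_text, keyword):
    """Report (key, value name, kind) for values whose data contains keyword; nothing is modified."""
    needle = keyword.lower()
    return [(key, name, "string" if data.startswith('"') else "binary")
            for key, name, data in iter_values(reg_text)
            if any(needle in t.lower() for t in decode_candidates(data))]
```

The function only lists matches, so the export and its hit list can be kept as a record of what was present before any registry change is made.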
 
I left my room/system for about 30 minutes and upon return found my system at the logon screen. I immediately suspected a BSOD and found that I was right.

The bugcheck -
Code:
BugCheck C2, {7, 1200, 4230017, ffffe00188de5de0}

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001200, Pool tag value from the pool header
Arg3: 0000000004230017, Contents of the first 4 bytes of the pool header
Arg4: ffffe00188de5de0, Address of the block of pool being deallocated

Probable cause bugcheck text: A driver attempted to free memory that was already freed.

The probable cause - ESET NOD32 anti-virus:
Code:
eamonm.sys   Thu Jan 10 22:18:47 2019 (5C383547)
Driver Reference Table (DRT) | eamonm.sys

Here is my BSOD thread - Windows 8.1 x64 BSOD - eamonm.sys - jcgriff2's system

I'm trying to check ESET version numbers to make sure that I have the most recent version installed.

The timing of being hit by a BSOD that names ESET during this period (while we're trying to disinfect me) comes off as uncanny to me. It just feels like the infection/virus/malware was somehow involved in the BSOD -- or perhaps my deletion of all of those registry keys maybe played a part; not sure.

My BSOD thread -

Thanks,

John

p.s. What I'm doing now is trying to verify that I do indeed have the most recent version of ESET NOD32 installed.

Obviously, there is nothing that you guys can help me with to further analyze the BSOD dump.

You'll see my attempts in the BSOD thread to try and figure out what version of ESET that I'm running.

Would any tools that you all use provide that information after scanning my system?
 
Yes, you have the current version. At the time you ran FRST, the logs showed both the following about ESET:

AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
Version: 12.1.34.0 - ESET

From Which ESET product do I have and is it the latest version? (Home Users)—ESET Knowledgebase:

These are the latest version numbers available to download:

Latest version of ESET Smart Security Premium: 12.1.34.0
Latest version of ESET NOD32 Antivirus: 12.1.34.0
Latest version of ESET Internet Security: 12.1.34.0
 
I don't know why ESET blue-screened my system then.

NO Ads for 24 hours now!

NO Ads on mom's laptop either for ~24 hours!
 
In that case, it appears that you solved the problem yourself with the removal of "yourpdfpal". If you agree, please do the following to Uninstall FRST and mark your thread "Solved". :-)
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.
 
I hope it is gone!

I'd like to wait a few days though and see what happens.

Thanks again for everything.

John
 
