12 replies to this topic

[sefnf]

• Please describe your problem in as much detail as possible. The more specific you are, the better we can diagnose the problem.

Computer and IE is acting sluggish and computer doesnt feel right, I have to turn Kaspersky off in order to use OUTLOOK Web Based Email.m ( used to be hotmail.)

• Do you have popups? If so, where are they from? What do they say? Are they advertising a particular product? none
• Has your browser been hijacked? If so, to what URL? not
• Does your antivirus detect an infected file? If so, what file, and what is the infection detected?  Kaspersky - no viruses- but IE seems to work allot faster when I disable the ANTIVIRUS
• Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process trying to access the internet? If so, what is it? not sure about any firewall intrusions, but the system feels sluggish.
• Have you already tried certain steps to fix your problem? If so, what have you tried? none
• Please also mention that you have read this FAQ and followed the directions, or else someone is likely to ask you to come back here. trying to follow step by step

 

 

---> Full description of issues :

1. slow sluggish IE

2. on favorites ( in IE) something has added .url to the items in the favorite bar

3. when working on WORD and EXCEL the system lags and loses some information and sometimes creates duplicate files

4. when i Email Outlook it is slow and lags and unresponsive, ( i cant click on the items in the email to delete and it sometimes takes extended time for the processes to clear or stop. sometimes pressing the <esc> button seems to let the processes that was preventing me from using the email program to stop not sure....

 

 

 

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/2/18
Scan Time: 11:50 AM
Log File: 0d3a2898-aee1-11e8-9cf1-00fff474f90d.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.421
Update Package Version: 1.0.6613
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: AZUZ1DESK\dannyid

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 403653
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

 

 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by dannyid (administrator) on AZUZ1DESK (02-09-2018 14:56:31)
Running from C:\Users\dannyid\Downloads
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26 & Daniel Tech Support)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SAMSUNG Electornics Co., Ltd.) C:\Users\dannyid\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc.) C:\Program Files\WD Desktop App\kdd.exe
() C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
() C:\Program Files\WD Desktop App\kdd
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
() C:\Program Files\WD Desktop App\wdsync.exe
() C:\Program Files\WD Desktop App\wdsync-inotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WD Desktop App\wdsync.exe
() C:\Program Files\WD Desktop App\wdsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-06-24] (cyberlink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2018-02-02] (Carbonite, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [56265192 2018-07-02] (Western Digital Corporation)
HKLM-x32\...\Run: [WDDriveAgent] => C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe [2379552 2018-06-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-06-06] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2017-05-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\MountPoints2: {be32e01a-ddfc-11e5-8329-bcee7bd9cce4} - "L:\VZW_Software_upgrade_assistant.exe"
SSODL: WDFSMountNotificator-wdfsconnect2017 - {62582D6F-2615-4AF3-ACB6-12482A7E6BD7} - C:\Windows\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.)
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {62582D6F-2615-4AF3-ACB6-12482A7E6BD7} - C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-02-15]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-02-15]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-02-15]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-03-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-03-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\dannyid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2018-08-02]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\dannyid\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1236490B-DA5D-41E8-8F13-AC457124A458}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{330E5A1B-E392-48FE-9394-788C663F8101}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2358354011-981561540-3637120196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> DefaultScope {B3F26710-5699-4AE1-BD54-8976C5B82E30} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {B3F26710-5699-4AE1-BD54-8976C5B82E30} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2358354011-981561540-3637120196-1002 -> {CB602716-2E5F-48C2-9385-6A79ACDC1AF5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
BHO: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
BHO-x32: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\IEExt\ie_plugin.dll [2016-12-10] (AO Kaspersky Lab)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2018-05-21] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dannyid\AppData\Roaming\Mozilla\Firefox\Profiles\kyac6rn3.default [2018-09-02]
FF Homepage: Mozilla\Firefox\Profiles\kyac6rn3.default -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [2018-04-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358354011-981561540-3637120196-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dannyid\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default [2018-08-13]
CHR Extension: (Google Translate) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-03-13]
CHR Extension: (Slides) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-13]
CHR Extension: (Docs) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Translate Selected Text) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbimffnjoeobhjhochngikepgfejjmgj [2016-07-09]
CHR Extension: (Sheets) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Which Font Is This ?) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhkckbkndockmajpedihihnplcgchgh [2018-06-23]
CHR Extension: (Gmail) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\dannyid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-12]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244696 2013-06-24] (CyberLink)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-08-12] (CyberLink)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe [127792 2015-10-22] (Intuit, Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [528160 2018-06-04] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [92864 2018-04-22] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2018-05-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1191616 2018-05-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1023176 2018-05-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [139968 2018-04-22] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-09-17] (AO Kaspersky Lab)
S3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE1200w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-01] (Malwarebytes)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 wdvpnpbus; C:\Windows\System32\drivers\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc.)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-02 14:57 - 2018-09-02 14:57 - 000899584 _____ C:\Users\dannyid\Downloads\RGSA.exe
2018-09-02 14:56 - 2018-09-02 14:57 - 000030013 _____ C:\Users\dannyid\Downloads\FRST.txt
2018-09-02 14:49 - 2018-09-02 14:49 - 002413056 _____ (Farbar) C:\Users\dannyid\Downloads\FRST64.exe
2018-09-02 11:50 - 2018-09-02 11:50 - 000000000 ____D C:\Users\dannyid\AppData\Local\mbam
2018-09-01 20:38 - 2018-09-01 20:38 - 000001249 _____ C:\Users\dannyid\Desktop\Daniel's My Cloud Home.lnk
2018-08-31 19:12 - 2018-08-31 19:12 - 000127779 _____ C:\Users\dannyid\Downloads\כי תצא - One small step one giant leap.pdf
2018-08-31 19:12 - 2018-08-31 19:12 - 000106751 _____ C:\Users\dannyid\Downloads\כח הדמיון במלחמת היצר - כי תצא.pdf
2018-08-31 19:08 - 2018-08-31 19:08 - 000731408 _____ C:\Users\dannyid\Downloads\Parshah Points Ki Savo..pdf
2018-08-30 18:18 - 2018-08-30 18:18 - 000539503 _____ C:\Users\dannyid\Downloads\YSC Succos - 3.pdf
2018-08-29 08:07 - 2018-08-29 08:07 - 000000000 ___SD C:\Users\dannyid\Documents\My Data Sources
2018-08-27 17:14 - 2018-08-27 17:14 - 000068096 _____ C:\Users\dannyid\Downloads\PFS Daniel D.xls
2018-08-27 13:20 - 2018-08-27 13:20 - 000095583 _____ C:\Users\dannyid\Downloads\Loan Check List Multifamily and Commercial.pdf
2018-08-21 16:21 - 2018-08-21 16:21 - 008899917 _____ C:\Users\dannyid\Downloads\Davidsohn Discovery Decision-c.pdf
2018-08-19 17:43 - 2018-08-19 17:43 - 000000000 ____D C:\Users\dannyid\Intuit
2018-08-19 15:34 - 2018-08-19 15:34 - 001700570 _____ C:\Users\dannyid\Downloads\DavidsohnPetition.pdf
2018-08-18 20:58 - 2018-09-01 15:24 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-12 15:05 - 2018-08-12 15:05 - 000000000 ____D C:\Users\dannyid\AppData\Roaming\QuickBooks
2018-08-08 02:29 - 2018-08-08 02:29 - 000016583 _____ C:\Users\dannyid\Documents\~WRD2680.tmp
2018-08-08 02:22 - 2018-08-08 02:22 - 000016380 _____ C:\Users\dannyid\Documents\~WRD4044.tmp
2018-08-08 01:45 - 2018-08-08 01:45 - 000011356 _____ C:\Users\dannyid\Documents\~WRD1270.tmp
2018-08-08 00:29 - 2018-08-08 00:29 - 001259544 _____ C:\Users\dannyid\Documents\1112 11 RPRT PG 17.pdf
2018-08-07 21:15 - 2018-08-07 21:21 - 000011283 ____H C:\Users\dannyid\Documents\~WRL1304.tmp
2018-08-04 10:20 - 2018-08-04 10:20 - 000005120 _____ C:\Users\dannyid\Downloads\CPNI.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-02 14:56 - 2016-12-09 21:08 - 000000000 ____D C:\FRST
2018-09-02 14:52 - 2017-05-26 00:10 - 000000000 ____D C:\Users\dannyid\AppData\LocalLow\Mozilla
2018-09-02 14:48 - 2016-12-06 18:25 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-09-02 14:43 - 2016-12-10 00:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-09-02 12:48 - 2018-05-06 17:15 - 000001271 _____ C:\Users\dannyid\Desktop\malwarebyte fille 2018.txt
2018-09-01 20:39 - 2017-10-02 16:11 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-09-01 20:39 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-09-01 20:38 - 2018-06-11 23:43 - 000000000 ____D C:\Users\dannyid\AppData\Roaming\WD Discovery
2018-09-01 20:38 - 2018-06-11 23:02 - 000000000 ____D C:\Users\dannyid\.wdc
2018-09-01 20:38 - 2014-08-30 14:43 - 000000000 ___DO C:\Users\dannyid\OneDrive
2018-09-01 15:23 - 2014-03-22 02:35 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-01 15:23 - 2013-11-29 02:06 - 000000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2018-09-01 15:23 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-01 15:23 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-09-01 15:23 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-08-31 12:34 - 2016-02-15 23:06 - 000000000 ____D C:\Users\QBDataServiceUser26
2018-08-31 12:34 - 2014-06-14 03:18 - 000000000 ____D C:\Users\dannyid
2018-08-30 15:12 - 2015-12-29 17:19 - 000000000 ____D C:\Users\dannyid\AppData\Local\CrashDumps
2018-08-30 15:11 - 2015-09-26 22:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-29 18:22 - 2015-01-05 13:54 - 000000060 _____ C:\Windows\wpd99.drv
2018-08-29 18:22 - 2015-01-05 13:54 - 000000000 ____D C:\ProgramData\pdf995
2018-08-23 18:27 - 2017-09-24 15:09 - 000000000 ____D C:\Users\dannyid\Documents\TOPS
2018-08-19 15:07 - 2016-09-08 11:09 - 000417986 _____ C:\Windows\system32\perfh00D.dat
2018-08-19 15:07 - 2016-09-08 11:09 - 000065428 _____ C:\Windows\system32\perfc00D.dat
2018-08-19 15:07 - 2013-11-29 01:58 - 001338816 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-19 15:07 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2018-08-18 20:57 - 2018-05-20 15:43 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-08-18 17:45 - 2014-06-14 00:25 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358354011-981561540-3637120196-1002
2018-08-16 21:03 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\NDF
2018-08-14 12:57 - 2015-11-18 11:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-12 15:09 - 2015-03-15 14:51 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2018-08-12 15:03 - 2015-03-15 14:51 - 000000000 ____D C:\ProgramData\Intuit
2018-08-11 12:16 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2018-08-09 21:18 - 2015-02-27 01:30 - 000000000 ____D C:\Users\dannyid\AppData\Local\Windows Live
2018-08-08 15:41 - 2016-06-17 20:27 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 15:41 - 2016-06-17 20:27 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-02-15 23:07 - 2016-02-28 17:42 - 000003461 _____ () C:\Users\dannyid\AppData\Roaming\QBFileDrTool.log
2016-01-04 19:13 - 2017-01-03 14:20 - 000016384 _____ () C:\Users\dannyid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-07-18 13:21 - 2018-07-18 13:21 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\5510.tmp.exe
2018-07-18 12:24 - 2018-07-18 12:24 - 000103424 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\629A.tmp.exe
2018-07-18 12:15 - 2018-07-18 12:15 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\8EEB.tmp.exe
2018-07-18 12:16 - 2018-07-18 12:16 - 000651776 _____ (Igor Pavlov) C:\Users\Daniel Tech Support\AppData\Local\Temp\DED5.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000103424 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\261C.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000058336 _____ (NirSoft) C:\Users\DanielAzuz\AppData\Local\Temp\2C18.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000651776 _____ (Igor Pavlov) C:\Users\DanielAzuz\AppData\Local\Temp\833.tmp.exe
2018-07-25 11:23 - 2018-07-25 11:23 - 000073728 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\A8F8.tmp.exe
2018-06-12 00:07 - 2018-06-12 00:07 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\11B4.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1A45.tmp.exe
2018-07-21 14:26 - 2018-07-21 14:26 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\1C99.tmp.exe
2018-07-18 11:14 - 2018-07-18 11:14 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\1D57.tmp.exe
2018-07-18 11:11 - 2018-07-18 11:11 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1E5.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\2076.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\221D.tmp.exe
2018-07-31 16:15 - 2018-07-31 16:15 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\253C.tmp.exe
2018-08-19 11:48 - 2018-08-19 11:48 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\2560.tmp.exe
2018-07-21 12:34 - 2018-07-21 12:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\311A.tmp.exe
2018-07-21 11:17 - 2018-07-21 11:17 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3177.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\32A7.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\35A1.tmp.exe
2018-07-28 14:32 - 2018-07-28 14:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\371E.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3757.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3B00.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3C88.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3F9D.tmp.exe
2018-07-02 11:34 - 2018-07-02 11:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\4969.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\4CE2.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\509D.tmp.exe
2018-07-02 11:44 - 2018-07-02 11:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\50B8.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\542D.tmp.exe
2018-08-25 10:56 - 2018-08-25 10:56 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\59A6.tmp.exe
2018-07-23 10:32 - 2018-07-23 10:32 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\5AA6.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\603C.tmp.exe
2018-07-28 14:34 - 2018-07-28 14:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\60CD.tmp.exe
2018-08-12 14:43 - 2018-08-12 14:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\6943.tmp.exe
2018-07-02 11:49 - 2018-07-02 11:49 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\69EC.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\6AE4.tmp.exe
2018-07-18 11:46 - 2018-07-18 11:46 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6C2.tmp.exe
2018-08-25 10:59 - 2018-08-25 10:59 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6CB6.tmp.exe
2018-07-22 17:34 - 2018-07-22 17:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\7BAE.tmp.exe
2018-07-23 11:32 - 2018-07-23 11:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\84D9.tmp.exe
2018-07-18 13:30 - 2018-07-18 13:30 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\8FF1.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\91CE.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\93A4.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9568.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\97CA.tmp.exe
2018-08-09 23:07 - 2018-08-09 23:07 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\9C9F.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9FC.tmp.exe
2018-08-11 11:49 - 2018-08-11 11:49 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A233.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\A4D3.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A521.tmp.exe
2018-07-18 11:43 - 2018-07-18 11:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A94B.tmp.exe
2018-07-22 04:43 - 2018-07-22 04:43 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\AC73.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\ADEC.tmp.exe
2018-07-21 16:04 - 2018-07-21 16:04 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B08A.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B2FB.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B383.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B460.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B50F.tmp.exe
2018-07-02 11:45 - 2018-07-02 11:45 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B56E.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BC2.tmp.exe
2018-07-29 15:29 - 2018-07-29 15:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\BCA5.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BF5B.tmp.exe
2018-08-23 14:17 - 2018-08-23 14:17 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\C387.tmp.exe
2018-07-29 15:30 - 2018-07-29 15:30 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\C6B6.tmp.exe
2018-07-31 16:18 - 2018-07-31 16:18 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\CC73.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\CD9B.tmp.exe
2018-07-21 16:02 - 2018-07-21 16:02 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D425.tmp.exe
2018-08-06 06:55 - 2018-08-06 06:55 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D54E.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\D59B.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\D6A6.tmp.exe
2018-07-22 04:38 - 2018-07-22 04:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D702.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\DCEE.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\DD7C.tmp.exe
2018-07-18 13:32 - 2018-07-18 13:32 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\E237.tmp.exe
2018-08-06 06:49 - 2018-08-06 06:49 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EB24.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\EB36.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EBC4.tmp.exe
2018-07-15 21:16 - 2018-07-15 21:16 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\ED54.tmp.exe
2018-08-16 19:00 - 2018-08-16 19:00 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EEB8.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EF64.tmp.exe
2018-08-29 08:57 - 2018-08-29 08:57 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\F07E.tmp.exe
2018-07-23 03:14 - 2018-07-23 03:14 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\F8BD.tmp.exe
2018-07-21 12:36 - 2018-07-21 12:36 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\FBAD.tmp.exe
2018-07-22 17:29 - 2018-07-22 17:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\FD07.tmp.exe
2017-06-20 16:57 - 2017-06-20 16:57 - 097404904 _____ (Seagate) C:\Users\dannyid\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-27 04:13

==================== End of FRST.txt ============================

Edited by sefnf, 02 September 2018 - 04:27 PM.

[sefnf]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by dannyid (02-09-2018 14:58:22)
Running from C:\Users\dannyid\Downloads
Windows 8.1 (Update) (X64) (2014-06-14 10:18:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2358354011-981561540-3637120196-500 - Administrator - Disabled)
Daniel Tech Support (S-1-5-21-2358354011-981561540-3637120196-1006 - Administrator - Enabled) => C:\Users\Daniel Tech Support
DanielAzuz (S-1-5-21-2358354011-981561540-3637120196-1003 - Limited - Enabled) => C:\Users\DanielAzuz
dannyid (S-1-5-21-2358354011-981561540-3637120196-1002 - Administrator - Enabled) => C:\Users\dannyid
Guest (S-1-5-21-2358354011-981561540-3637120196-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2358354011-981561540-3637120196-1008 - Limited - Enabled)
QBDataServiceUser23 (S-1-5-21-2358354011-981561540-3637120196-1004 - Limited - Enabled) => C:\Users\QBDataServiceUser23
QBDataServiceUser26 (S-1-5-21-2358354011-981561540-3637120196-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser26

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{06BBCA29-E177-44BB-901E-BA318CF064FD}) (Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.05.04 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM\...\{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG) Hidden
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Carbonite (HKLM-x32\...\{ADD4D4D2-4489-43A7-A141-7EDF2C5FB68E}) (Version: 6.3.3 build 7602 (Feb-02-2018) - Carbonite)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4428 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5611.55 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (HKLM-x32\...\{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Rar Opener (HKLM-x32\...\{C4F94FD8-9CF5-40B5-9695-FC5BCD22F062}_is1) (Version: 1.0 - Media Freeware)
Galeria de Fotografias (HKLM-x32\...\{6DFF6F1B-F876-4007-AC82-42D5DDF0E090}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro (HKLM\...\{1E92618C-EB66-4C4C-9F45-93EC6EF53273}) (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (HKLM-x32\...\{99502BF0-655A-425D-8754-9EEC557D3D73}) (Version: 5.9.2733 - GoPro, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{4cadd82e-f9f2-4f69-bcfd-a0b929d8e6e2}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{8a225685-3b19-4387-b61b-830061421071}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{268F956D-2FE7-4D10-8070-A4AC3BEF54EF}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{4FB56489-F34B-42AA-9437-FB9E0B0543F7}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7693587D-5D66-4208-ABEA-C370217D1D9B}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B1865FCC-BE34-4800-AF2F-FB0120821B6A}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DE9C585C-8578-4A8A-B92A-BA8DF2540E21}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E169436E-49D8-419B-A5C0-D245EAF99611}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F25C8769-16B6-4B19-BB0B-76F213829AC6}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Neat Smart Organization System (HKLM-x32\...\Neat Smart Organization System) (Version: 1.5.2.11 - The Neat Company)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
Personnel Forms on CD 2.0 (HKLM-x32\...\Personnel Forms on CD_is1) (Version: 1.0 - Adams, a division of TOPS)
Punch! Interior Design Suite (HKLM-x32\...\{9AEAA5D5-67C2-49A4-9D13-DDC20D074FA4}) (Version: 16.0.2 - Punch! Software)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4014.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4014.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raccolta foto (HKLM-x32\...\{FA6BC7A5-85B3-4DC2-825C-D508E386151A}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
TEC-IT TBarCode Office 10 (HKLM\...\{B9C3D27C-D72A-4F48-A0A4-8E1758219735}) (Version: 10.6.0.13858 - TEC-IT Datenverarbeitung GmbH)
TECIT.TBarCode.ExcelAddIn (HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\29813F0DC48E97541FBED4F14E3701CDE7C4C491) (Version: 1.0.0.0 - TECIT.TBarCode.ExcelAddIn)
TECIT.TBarCode.WordAddIn (HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\71AE37307294CC1A34110ADBD07E07D1842629B9) (Version: 9.0.0.12803 - TECIT.TBarCode.WordAddIn)
Trelby (HKLM-x32\...\Trelby) (Version: 2.2.0.0 - Trelby.org)
Unity Web Player (HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{465A6063-6A4F-4290-B3F2-E71A83E0274A}) (Version: 3.18.0301 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{98329023-0924-4F0B-8856-EC3D5D18404D}) (Version: 3.17.0701 - Samsung Electronics Co., Ltd.)
VFW_Codec32 (HKLM-x32\...\{4275850F-4E2E-4F60-9E73-8BD8F70891D3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{7010885D-3378-4C9B-B330-88271728EDE5}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Backup (HKLM-x32\...\{0a788274-32cc-4280-b02e-a8df90d8f73f}) (Version: 1.9.6731.39035 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{97FC345F-0D8B-4CF2-8207-AC8C79325495}) (Version: 1.9.6731.39035 - Western Digital Technologies, Inc) Hidden
WD Desktop App 1.5.0.84 (HKLM-x32\...\{2378282a-1564-4bf1-8d28-de7d945afd3e}) (Version: 1.5.0.84 - Western Digital Technologies, Inc.) Hidden
WD Desktop App 1.5.0.84 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 1.5.0.84 - Western Digital Technologies, Inc.) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 3.0.377 - Western Digital Technologies, Inc.)
WD Drive Agent (HKLM-x32\...\{10BD0B99-6C39-4246-85DA-E4AA34B7707E}) (Version: 1.1.0.25 - Western Digital Technologies, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 5.7.0.9) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.7.0.9 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Συλλογή φωτογραφιών (HKLM-x32\...\{032CB0D7-FDBF-4CA9-901B-A4C1B01B1777}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (HKLM-x32\...\{7DB15F28-5E38-476A-A773-EA07EAEAB1B3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{25716F85-7DB7-4CB4-8BD3-1992DBA3F59C}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [     WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\shellex.dll [2017-03-19] (AO Kaspersky Lab)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {92d5c650-9500-31db-aa71-3bcca43428c8} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\shellex.dll [2017-03-19] (AO Kaspersky Lab)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\shellex.dll [2017-03-19] (AO Kaspersky Lab)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {92d5c650-9500-31db-aa71-3bcca43428c8} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\x64\shellex.dll [2017-03-19] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D17BDE-1421-4D2F-8D38-950EFF058B2E} - System32\Tasks\WD Discovery Service Task dannyid => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [2018-07-02] ()
Task: {1563C7C1-2917-479B-A427-43C437B61062} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-06] (Adobe Systems Incorporated)
Task: {28DA5F43-8412-4E6F-A477-8DFD04018093} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-08-08] ()
Task: {3770C0BD-BB37-4903-96D8-D4992D0BEF77} - System32\Tasks\{28DD34CB-B43D-46D0-A797-7140771CB961} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\epson\escndv\setup\setup.exe" -c /r
Task: {497FC956-1ABA-4B1C-B31B-E40563ECFF21} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {55E25A6D-F09A-459D-8E96-FB0CE4D6E974} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7F960800-8DF3-4CBA-8C1D-106FA2CCCE91} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {7FF82400-594C-4469-B786-9B895D04A8F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {813F9325-D3DB-4844-B438-EC5E4FB19C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {88E3A74E-9081-4C35-B1B9-246D790CB5DA} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath =  $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters).
Task: {8C8EEA55-BF19-4567-988F-150D2DA2A61A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A93DD916-B9D6-4CB1-A37B-EF25E1771924} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-10-01] (Microsoft)
Task: {AACB9903-20CE-4563-9265-CDDD10B6E311} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-09-18] (ASUSTeK Computer Inc.)
Task: {AE66EC69-9B5A-4673-9F0D-E134D3D2A73A} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-08-11] (CyberLink Corp.)
Task: {BCC2BC8D-0DD2-4634-96C0-F3530A3AB3AA} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {C64CF921-C2F7-4D7A-91D4-0D11612A7BF9} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {CB2D527A-8995-4153-94FD-7643A17FC37B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-08-17] (AVAST Software)
Task: {F8D83B15-869E-47D0-A9FA-8320462D1B0D} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2013-09-06] (ASUSTeK)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-05 13:54 - 2012-04-26 15:51 - 000040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-12-18 23:10 - 2012-12-18 23:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-11-29 02:03 - 2013-08-08 11:00 - 000207160 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2014-03-22 02:35 - 2016-12-29 06:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-29 02:18 - 2012-04-24 03:43 - 000390632 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-05-20 15:43 - 2018-08-18 20:57 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-11-29 02:02 - 2013-08-28 08:24 - 000920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-05-12 00:39 - 2016-05-12 00:39 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2013-11-29 02:03 - 2013-08-08 18:33 - 001114768 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
2013-11-29 02:09 - 2013-10-01 20:26 - 000878592 _____ () C:\Windows\AsusLauncherContextMenu64.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 001088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2018-07-02 11:50 - 2018-07-02 11:50 - 000067048 _____ () C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
2018-03-23 14:02 - 2018-03-23 14:02 - 011886328 _____ () C:\Program Files\WD Desktop App\kdd
2018-03-23 14:02 - 2018-03-23 14:02 - 002637985 _____ () C:\Program Files\WD Desktop App\libfusewdfs.dll
2018-03-23 14:02 - 2018-03-23 14:02 - 021776608 _____ () C:\Program Files\WD Desktop App\wdsync.exe
2018-03-23 14:02 - 2018-03-23 14:02 - 007039200 _____ () C:\Program Files\WD Desktop App\wdsync-inotify.exe
2016-06-28 01:19 - 2016-06-28 01:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0 (1)\kpcengine.2.3.dll
2013-11-29 02:02 - 2018-09-01 15:26 - 000025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-11-29 02:02 - 2010-06-28 19:58 - 000104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-03-22 02:34 - 2013-08-19 12:10 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2018-07-02 11:50 - 2018-07-02 11:50 - 001702400 _____ () C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 000756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2358354011-981561540-3637120196-1002\...\drudgereport.com -> www.drudgereport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2358354011-981561540-3637120196-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dannyid\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BFBEC0EA-C68C-491C-BBDE-260CC7AF401C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C3F6F437-38E9-4360-B3D1-D34FAE9F8AD3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C2F362E2-405C-46F7-B26A-BBEF91E59DAF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8379DC2C-DAD5-44F3-972A-5881D930ACED}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{05D57759-4A33-4375-8C74-668CB39B63F0}] => (Allow) LPort=2869
FirewallRules: [{07488EC1-2213-455C-9975-ED3E892378B9}] => (Allow) LPort=1900
FirewallRules: [{3178BD92-BDCC-4BC0-8200-F50D9913349B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F9BA953B-5AEF-4989-A4D9-BAD8C6F4357F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4BCAD607-DFDE-49AE-B70A-F9584FCDAD17}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{76B4A66F-9218-4858-976D-1D344EB3B6A3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9BD88C8E-6C2E-43B9-A9B6-1ACE13E40C97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{A430D0B1-EF1C-4278-98C4-02D14CAA90EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{5ABE56D3-BC47-42E3-ADF7-F6ED66154CC0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5FA9B726-D32F-434D-BE18-3A975F3B52AC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{31A2BFCE-0B1A-4D35-A0D0-4CE1F7739506}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{504D4054-8AB6-4D1C-8D62-859B688C73F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{96775895-C2F7-4669-93A0-DD5610779940}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{419A9589-7D90-433A-B14F-37FC0EBDE1B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{A796AC8A-0ADD-47CC-9E23-D35231CC8CA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{D4FA5DE8-C8D3-4DE0-9BEC-585015C27CF1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{1B25D05F-5A63-45A7-8AF8-A697C92D254B}] => (Allow) I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{4FD9EE2E-7491-409C-8C3B-057EB23EF8D7}] => (Allow) I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{C98251F6-C5A6-4645-9E2B-67864F23F7D1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B94B433F-B58A-4BBD-B63B-C16BD910F1BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{5787DC35-4D1E-4F5C-8464-A024C64DD930}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BA9ED2F4-D787-4590-B5F8-9CD1A3366340}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{9CDED7BD-FC36-4BF9-9CF4-D76D469BFA14}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{673AA415-FFDD-4DAE-933D-921B22BB3028}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CB549B3A-2220-4155-B191-0093949FCEF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{2AACDFC8-F768-4308-9FC7-C2B0D46E79B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{60665591-CD1C-49C1-8ECC-B2D3A9F508A7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A579C72E-1FA5-4F02-822C-2ADADE702B8F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C9E64127-BAF4-4DF3-AA6E-082180DE5918}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{B60F4AAC-23EB-4FFD-849F-E4E003041397}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{88B6C50F-96A1-404E-A29A-78E9E668A5FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{E61A6987-3928-4AE1-80EB-A9818F3A6F0A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{DF20A1E9-67F0-4C7A-8D4F-5A6B9426533E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{74F7847E-6A06-4D50-9B2E-29F9B7C11108}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{2A513357-C0E8-4F5D-B31D-802BE4DC8DC2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{26F97CC3-8775-4D62-B261-706F9F312126}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{6D8183BA-31BE-4F0B-B196-6D11DC986888}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{70FEF417-695F-4280-9F3A-85F54E47A667}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{1847FB16-30D3-479B-B42C-F710D2046FD8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{00BDD0A0-198B-40E4-9F7B-7B3617D7D7DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6D322122-4E5D-422C-A7B4-18180BD06206}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{D0DDF2BE-D72D-4046-884E-4C85078466E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{DDA25F4E-A7A5-46DF-ABE0-4FBE5B86BF78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{60B0E988-C7BB-4FF5-BC05-BFA0ECF0BB06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FCD152AB-4F55-4EDB-8248-2F3B26572EF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{36482D8F-4DFC-4A55-AB68-E325C9994000}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8765CF2E-CC7A-4819-9AF5-44E2AACC1FC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A79C44CD-FCC1-4821-B9DE-1E5DC1804031}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{1035685F-9479-4B3E-8C5C-A6B229BCC28B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A393AC85-D1FF-4693-82B8-7E7B3CCA7A8B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{E797F8B4-8057-4335-9BC7-AC02EADE8406}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{65F1FFF6-53F7-4C37-AC09-437D6875AC92}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{6B5BF45C-D248-44C7-A2B2-7750ABDBB6EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{7AF8FDB4-0EAF-46C3-A15E-7A74D1FEF1D0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{91DC32A5-E4F0-46B8-9BAC-000BDA78F74C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8C05BFC9-9C95-45B6-85D6-C91BC10C5B2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{A22229A3-C3B7-42B2-9D4E-008324BEB7E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{711B40EE-CCCC-4E12-8DD9-E44C8B27E454}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C897E74C-C4F3-4DE2-9E09-D6A1D6A9151F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{F3FE2F8B-0F37-488F-A4F5-6E877066F437}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{AAF30267-650B-42ED-A4FE-1BA23CB9D698}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{CA1D0C8F-1942-48C2-88E2-1F376B7FDFF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{D422FC22-84FC-4D97-8382-8999BC5462C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{7495654C-DA23-4C72-840B-A268E32B9338}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{7DCCD7FE-7C10-48CD-99EE-42142DCEE7D7}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe
FirewallRules: [UDP Query User{CC168F69-9F97-4410-9061-A22411ECE327}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe
FirewallRules: [{55D8CCE3-3016-473F-91CA-6CE6D935F49E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07B572CC-D3A4-4A94-B359-5DE09C21373C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5CE72F4-95D4-4862-92E8-8BDDECEF1A6F}] => (Allow) C:\Users\dannyid\Downloads\raropener_setup-64668594.exe
FirewallRules: [{A188C480-EB7D-4782-B3C2-FB3DD4F0AC41}] => (Allow) C:\Users\dannyid\Downloads\raropener_setup-64668594.exe
FirewallRules: [TCP Query User{62219525-D711-409F-8478-95BB2F2BC8A1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D5C959FA-0C31-45C2-A0FB-D03165934E51}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{8A738B09-61D9-49AE-B7F8-2B307EB65B02}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe
FirewallRules: [UDP Query User{91094A9F-D3DA-4DF7-AF2C-D8776C0884CD}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe
FirewallRules: [{65BA26E2-D465-40B8-8AED-D870B820EC76}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe
FirewallRules: [{9DAE5FED-5063-44F6-8F50-2316AEBADF3A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe
FirewallRules: [{09FE79DD-0371-41FF-A0FF-B314C0409731}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe
FirewallRules: [{6C1A3CC3-2B92-4549-899B-32BE3144B413}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe
FirewallRules: [{73AEAA3A-252B-48E1-8151-BB5A19B9A63B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe
FirewallRules: [{B2679879-8414-4B83-914F-D8262570863E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe
FirewallRules: [{2B5A6525-3677-47EA-8781-33E97BE40BE4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe
FirewallRules: [{9437B96D-2749-48E5-86B4-DFE7F446703D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe
FirewallRules: [{8035687A-AB89-4FE0-997F-CB680A8A3BDC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{92B595F3-5A5C-43B0-856D-526564275C64}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe
FirewallRules: [{B335F06B-ECAC-4373-ACEC-6E3EBD8D5F38}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{BB76C4C2-C946-4678-806D-5ACE30C7A817}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
FirewallRules: [{DC172D59-0BEE-4128-A664-171E161F07CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3F2FBBF-CF15-4473-B92F-AA40EE89AB35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA062EAE-211F-4118-A440-95B32BADD937}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CF463EF8-315D-4EBF-AE13-4BBAB9F8E8C0}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{45CDDA34-EDFF-4429-8D82-9C7474668067}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{51BC3E43-89BC-4F64-81E3-033DA13C0C3B}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{9B06272B-D58E-4E14-8D7D-846D0142C0C7}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{9FE805A9-E345-4B61-875F-78688C4E562C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{FF04454A-7A1E-43C8-A793-36A3F0E492E0}D:\program files\starcraft\starcraft.exe] => (Allow) D:\program files\starcraft\starcraft.exe
FirewallRules: [UDP Query User{AB958AB6-1E7A-4F96-8734-AFFEFEA6390D}D:\program files\starcraft\starcraft.exe] => (Allow) D:\program files\starcraft\starcraft.exe
FirewallRules: [{FB5D050B-79B8-4CAC-BCAF-C9BCEC7AAA2A}] => (Allow) LPort=8888
FirewallRules: [{BC257253-B765-4025-8D3D-BB7B05B5FB98}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{976E9C65-2157-47B8-8628-FB99EA41BA31}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{253FE380-3A2F-48F2-A7D5-A5738870BBAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D1AB2096-5AE3-4CA5-ABA4-7373F99E46F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0B46433E-0710-40BD-9E2A-DE68F3CF97A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2018 01:26:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/02/2018 01:11:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/02/2018 11:43:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.19036 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 27dc

Start Time: 01d4427e56551144

Termination Time: 1183

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 10ca7ac0-aee0-11e8-8406-bcee7bd9cce4

Faulting package full name:

Faulting package-relative application ID:

Error: (09/02/2018 11:42:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/02/2018 11:42:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/01/2018 11:19:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/01/2018 11:05:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/01/2018 09:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZUZ1DESK)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (09/01/2018 03:27:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2018 03:22:55 PM) (Source: DCOM) (EventID: 10010) (User: AZUZ1DESK)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (09/01/2018 03:22:55 PM) (Source: DCOM) (EventID: 10010) (User: AZUZ1DESK)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (09/01/2018 03:25:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2018 12:36:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/31/2018 12:33:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:11:24 AM on ‎8/‎31/‎2018 was unexpected.

Error: (08/31/2018 12:32:55 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841172432

Error: (08/30/2018 07:39:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Windows Defender:
===================================
Date: 2016-12-06 14:11:44.526
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2016-12-06 12:00:56.491
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2016-08-02 17:21:53.765
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2016-08-02 17:21:53.765
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2016-08-02 16:53:08.427
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072f76
Error description: The requested header was not found

CodeIntegrity:
===================================

Date: 2014-07-15 01:55:01.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 16291.2 MB
Available physical RAM: 11664.82 MB
Total Virtual: 18723.2 MB
Available Virtual: 12569.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:150 GB) (Free:3.73 GB) NTFS
Drive d: (Data) (Fixed) (Total:1696.3 GB) (Free:1407.52 GB) NTFS
Drive j: (24604 - Transfer) (Fixed) (Total:931.51 GB) (Free:368.77 GB) NTFS

\\?\Volume{031137ab-558f-4fce-9bfb-59e3e6aebab5}\ (Windows RE tools) (Fixed) (Total:0.78 GB) (Free:0.5 GB) NTFS
\\?\Volume{26f3018e-fc0a-4ca3-a059-a583fd3ec06d}\ (Recovery image) (Fixed) (Total:15.56 GB) (Free:3.72 GB) NTFS
\\?\Volume{bd792236-6e1b-11e8-83ee-bcee7bd9cce4}\ () (Removable) (Total:7238.93 GB) (Free:6875.34 GB) KDDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: E187AD01)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 323A3EC7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[sefnf]

Please download the latest version and post its log here.

http://spywareinfoforum.com/RGSA.exe

 

 

new scan below:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 03rd, September 2018
Running from:C:\Users\dannyid\Downloads (11:27:38 - 09/03/2018)
***---------------------------------------------------------***
Microsoft Windows 8.1 X64
UAC is Enabled
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Total Security (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Disabled - Not up to Date)
Kaspersky Total Security (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Kaspersky Total Security Firewall270352
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (23.0.0.207) ==> is out of Date
Adobe Acrobat Reader DC (18.011.20058)
Google Chrome (68.0.3440.106)
Malwarebytes (3.5.1.2522)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (61.0.2)
Windows Live Essentials (16.4.3508.0205) ==> is no longer supported

***----------------Analysis Complete-------------------------***

Edited by sefnf, 03 September 2018 - 12:31 PM.

[nasdaq]

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 

Start

CreateRestorePoint:
CloseProcesses:

URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
BHO: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO-x32: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {CB2D527A-8995-4153-94FD-7643A17FC37B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-08-17] (AVAST Software)

2018-08-08 02:29 - 2018-08-08 02:29 - 000016583 _____ C:\Users\dannyid\Documents\~WRD2680.tmp
2018-08-08 02:22 - 2018-08-08 02:22 - 000016380 _____ C:\Users\dannyid\Documents\~WRD4044.tmp
2018-08-08 01:45 - 2018-08-08 01:45 - 000011356 _____ C:\Users\dannyid\Documents\~WRD1270.tmp
2018-08-07 21:15 - 2018-08-07 21:21 - 000011283 ____H C:\Users\dannyid\Documents\~WRL1304.tmp
2018-07-18 13:21 - 2018-07-18 13:21 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\5510.tmp.exe
2018-07-18 12:24 - 2018-07-18 12:24 - 000103424 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\629A.tmp.exe
2018-07-18 12:15 - 2018-07-18 12:15 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\8EEB.tmp.exe
2018-07-18 12:16 - 2018-07-18 12:16 - 000651776 _____ (Igor Pavlov) C:\Users\Daniel Tech Support\AppData\Local\Temp\DED5.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000103424 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\261C.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000058336 _____ (NirSoft) C:\Users\DanielAzuz\AppData\Local\Temp\2C18.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000651776 _____ (Igor Pavlov) C:\Users\DanielAzuz\AppData\Local\Temp\833.tmp.exe
2018-07-25 11:23 - 2018-07-25 11:23 - 000073728 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\A8F8.tmp.exe
2018-06-12 00:07 - 2018-06-12 00:07 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\11B4.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1A45.tmp.exe
2018-07-21 14:26 - 2018-07-21 14:26 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\1C99.tmp.exe
2018-07-18 11:14 - 2018-07-18 11:14 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\1D57.tmp.exe
2018-07-18 11:11 - 2018-07-18 11:11 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1E5.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\2076.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\221D.tmp.exe
2018-07-31 16:15 - 2018-07-31 16:15 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\253C.tmp.exe
2018-08-19 11:48 - 2018-08-19 11:48 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\2560.tmp.exe
2018-07-21 12:34 - 2018-07-21 12:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\311A.tmp.exe
2018-07-21 11:17 - 2018-07-21 11:17 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3177.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\32A7.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\35A1.tmp.exe
2018-07-28 14:32 - 2018-07-28 14:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\371E.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3757.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3B00.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3C88.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3F9D.tmp.exe
2018-07-02 11:34 - 2018-07-02 11:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\4969.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\4CE2.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\509D.tmp.exe
2018-07-02 11:44 - 2018-07-02 11:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\50B8.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\542D.tmp.exe
2018-08-25 10:56 - 2018-08-25 10:56 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\59A6.tmp.exe
2018-07-23 10:32 - 2018-07-23 10:32 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\5AA6.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\603C.tmp.exe
2018-07-28 14:34 - 2018-07-28 14:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\60CD.tmp.exe
2018-08-12 14:43 - 2018-08-12 14:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\6943.tmp.exe
2018-07-02 11:49 - 2018-07-02 11:49 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\69EC.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\6AE4.tmp.exe
2018-07-18 11:46 - 2018-07-18 11:46 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6C2.tmp.exe
2018-08-25 10:59 - 2018-08-25 10:59 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6CB6.tmp.exe
2018-07-22 17:34 - 2018-07-22 17:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\7BAE.tmp.exe
2018-07-23 11:32 - 2018-07-23 11:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\84D9.tmp.exe
2018-07-18 13:30 - 2018-07-18 13:30 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\8FF1.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\91CE.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\93A4.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9568.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\97CA.tmp.exe
2018-08-09 23:07 - 2018-08-09 23:07 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\9C9F.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9FC.tmp.exe
2018-08-11 11:49 - 2018-08-11 11:49 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A233.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\A4D3.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A521.tmp.exe
2018-07-18 11:43 - 2018-07-18 11:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A94B.tmp.exe
2018-07-22 04:43 - 2018-07-22 04:43 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\AC73.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\ADEC.tmp.exe
2018-07-21 16:04 - 2018-07-21 16:04 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B08A.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B2FB.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B383.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B460.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B50F.tmp.exe
2018-07-02 11:45 - 2018-07-02 11:45 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B56E.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BC2.tmp.exe
2018-07-29 15:29 - 2018-07-29 15:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\BCA5.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BF5B.tmp.exe
2018-08-23 14:17 - 2018-08-23 14:17 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\C387.tmp.exe
2018-07-29 15:30 - 2018-07-29 15:30 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\C6B6.tmp.exe
2018-07-31 16:18 - 2018-07-31 16:18 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\CC73.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\CD9B.tmp.exe
2018-07-21 16:02 - 2018-07-21 16:02 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D425.tmp.exe
2018-08-06 06:55 - 2018-08-06 06:55 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D54E.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\D59B.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\D6A6.tmp.exe
2018-07-22 04:38 - 2018-07-22 04:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D702.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\DCEE.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\DD7C.tmp.exe
2018-07-18 13:32 - 2018-07-18 13:32 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\E237.tmp.exe
2018-08-06 06:49 - 2018-08-06 06:49 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EB24.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\EB36.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EBC4.tmp.exe
2018-07-15 21:16 - 2018-07-15 21:16 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\ED54.tmp.exe
2018-08-16 19:00 - 2018-08-16 19:00 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EEB8.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EF64.tmp.exe
2018-08-29 08:57 - 2018-08-29 08:57 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\F07E.tmp.exe
2018-07-23 03:14 - 2018-07-23 03:14 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\F8BD.tmp.exe
2018-07-21 12:36 - 2018-07-21 12:36 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\FBAD.tmp.exe
2018-07-22 17:29 - 2018-07-22 17:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\FD07.tmp.exe
C:\Program Files\Common Files\Avast Software\Overseer

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

It's possible that AVAST was previously installed and removed.
I sugges you download and run their Uninstaller.
https://www.avast.co...install-utility
===

--RogueKiller--

• Download & SAVE to your Desktop Download RogueKiller
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or above, right-click the program file and select "Run as Administrator"
• Accept the user agreements.
• Execute the scan and wait until it has finished.
• If a Windows opens to explain what [PUM's] are, read about it.
• Click the RoguKiller icon on your taksbar to return to the report.
• Click open the Report
• Click Export TXT button
• Save the file as ReportRogue.txt
• Click the Remove button to delete the items in RED
• Click Finish and close the program.
• Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.

=======


Please let me know what problem persists with this computer.

[sefnf]

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by dannyid (04-09-2018 11:45:38) Run:1
Running from C:\Users\dannyid\Downloads
Loaded Profiles: dannyid & QBDataServiceUser26 (Available Profiles: dannyid & DanielAzuz & QBDataServiceUser23 & QBDataServiceUser26 & Daniel Tech Support)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

URLSearchHook: [S-1-5-21-2358354011-981561540-3637120196-1005] ATTENTION => Default URLSearchHook is missing
BHO: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File
BHO-x32: No Name -> {62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {CB2D527A-8995-4153-94FD-7643A17FC37B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-08-17] (AVAST Software)

2018-08-08 02:29 - 2018-08-08 02:29 - 000016583 _____ C:\Users\dannyid\Documents\~WRD2680.tmp
2018-08-08 02:22 - 2018-08-08 02:22 - 000016380 _____ C:\Users\dannyid\Documents\~WRD4044.tmp
2018-08-08 01:45 - 2018-08-08 01:45 - 000011356 _____ C:\Users\dannyid\Documents\~WRD1270.tmp
2018-08-07 21:15 - 2018-08-07 21:21 - 000011283 ____H C:\Users\dannyid\Documents\~WRL1304.tmp
2018-07-18 13:21 - 2018-07-18 13:21 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\5510.tmp.exe
2018-07-18 12:24 - 2018-07-18 12:24 - 000103424 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\629A.tmp.exe
2018-07-18 12:15 - 2018-07-18 12:15 - 000073728 _____ () C:\Users\Daniel Tech Support\AppData\Local\Temp\8EEB.tmp.exe
2018-07-18 12:16 - 2018-07-18 12:16 - 000651776 _____ (Igor Pavlov) C:\Users\Daniel Tech Support\AppData\Local\Temp\DED5.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000103424 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\261C.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000058336 _____ (NirSoft) C:\Users\DanielAzuz\AppData\Local\Temp\2C18.tmp.exe
2018-07-25 11:24 - 2018-07-25 11:24 - 000651776 _____ (Igor Pavlov) C:\Users\DanielAzuz\AppData\Local\Temp\833.tmp.exe
2018-07-25 11:23 - 2018-07-25 11:23 - 000073728 _____ () C:\Users\DanielAzuz\AppData\Local\Temp\A8F8.tmp.exe
2018-06-12 00:07 - 2018-06-12 00:07 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\11B4.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1A45.tmp.exe
2018-07-21 14:26 - 2018-07-21 14:26 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\1C99.tmp.exe
2018-07-18 11:14 - 2018-07-18 11:14 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\1D57.tmp.exe
2018-07-18 11:11 - 2018-07-18 11:11 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\1E5.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\2076.tmp.exe
2018-08-23 14:19 - 2018-08-23 14:19 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\221D.tmp.exe
2018-07-31 16:15 - 2018-07-31 16:15 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\253C.tmp.exe
2018-08-19 11:48 - 2018-08-19 11:48 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\2560.tmp.exe
2018-07-21 12:34 - 2018-07-21 12:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\311A.tmp.exe
2018-07-21 11:17 - 2018-07-21 11:17 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3177.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\32A7.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\35A1.tmp.exe
2018-07-28 14:32 - 2018-07-28 14:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\371E.tmp.exe
2018-07-23 12:01 - 2018-07-23 12:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3757.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3B00.tmp.exe
2018-08-19 12:02 - 2018-08-19 12:02 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\3C88.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\3F9D.tmp.exe
2018-07-02 11:34 - 2018-07-02 11:34 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\4969.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\4CE2.tmp.exe
2018-09-01 20:38 - 2018-09-01 20:38 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\509D.tmp.exe
2018-07-02 11:44 - 2018-07-02 11:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\50B8.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\542D.tmp.exe
2018-08-25 10:56 - 2018-08-25 10:56 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\59A6.tmp.exe
2018-07-23 10:32 - 2018-07-23 10:32 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\5AA6.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\603C.tmp.exe
2018-07-28 14:34 - 2018-07-28 14:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\60CD.tmp.exe
2018-08-12 14:43 - 2018-08-12 14:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\6943.tmp.exe
2018-07-02 11:49 - 2018-07-02 11:49 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\69EC.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\6AE4.tmp.exe
2018-07-18 11:46 - 2018-07-18 11:46 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6C2.tmp.exe
2018-08-25 10:59 - 2018-08-25 10:59 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\6CB6.tmp.exe
2018-07-22 17:34 - 2018-07-22 17:34 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\7BAE.tmp.exe
2018-07-23 11:32 - 2018-07-23 11:32 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\84D9.tmp.exe
2018-07-18 13:30 - 2018-07-18 13:30 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\8FF1.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\91CE.tmp.exe
2018-08-12 14:44 - 2018-08-12 14:44 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\93A4.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9568.tmp.exe
2018-08-30 15:12 - 2018-08-30 15:12 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\97CA.tmp.exe
2018-08-09 23:07 - 2018-08-09 23:07 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\9C9F.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\9FC.tmp.exe
2018-08-11 11:49 - 2018-08-11 11:49 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A233.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\A4D3.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A521.tmp.exe
2018-07-18 11:43 - 2018-07-18 11:43 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\A94B.tmp.exe
2018-07-22 04:43 - 2018-07-22 04:43 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\AC73.tmp.exe
2018-08-11 11:53 - 2018-08-11 11:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\ADEC.tmp.exe
2018-07-21 16:04 - 2018-07-21 16:04 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B08A.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B2FB.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B383.tmp.exe
2018-06-12 00:06 - 2018-06-12 00:06 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\B460.tmp.exe
2018-07-15 21:20 - 2018-07-15 21:20 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B50F.tmp.exe
2018-07-02 11:45 - 2018-07-02 11:45 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\B56E.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BC2.tmp.exe
2018-07-29 15:29 - 2018-07-29 15:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\BCA5.tmp.exe
2018-08-16 19:01 - 2018-08-16 19:01 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\BF5B.tmp.exe
2018-08-23 14:17 - 2018-08-23 14:17 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\C387.tmp.exe
2018-07-29 15:30 - 2018-07-29 15:30 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\C6B6.tmp.exe
2018-07-31 16:18 - 2018-07-31 16:18 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\CC73.tmp.exe
2018-08-18 14:53 - 2018-08-18 14:53 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\CD9B.tmp.exe
2018-07-21 16:02 - 2018-07-21 16:02 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D425.tmp.exe
2018-08-06 06:55 - 2018-08-06 06:55 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D54E.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\D59B.tmp.exe
2018-08-06 06:56 - 2018-08-06 06:56 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\D6A6.tmp.exe
2018-07-22 04:38 - 2018-07-22 04:38 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\D702.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\DCEE.tmp.exe
2018-08-09 23:09 - 2018-08-09 23:09 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\DD7C.tmp.exe
2018-07-18 13:32 - 2018-07-18 13:32 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\E237.tmp.exe
2018-08-06 06:49 - 2018-08-06 06:49 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EB24.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\EB36.tmp.exe
2018-08-31 12:39 - 2018-08-31 12:39 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\EBC4.tmp.exe
2018-07-15 21:16 - 2018-07-15 21:16 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\ED54.tmp.exe
2018-08-16 19:00 - 2018-08-16 19:00 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EEB8.tmp.exe
2018-07-02 11:52 - 2018-07-02 11:52 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\EF64.tmp.exe
2018-08-29 08:57 - 2018-08-29 08:57 - 000058336 _____ (NirSoft) C:\Users\dannyid\AppData\Local\Temp\F07E.tmp.exe
2018-07-23 03:14 - 2018-07-23 03:14 - 000651776 _____ (Igor Pavlov) C:\Users\dannyid\AppData\Local\Temp\F8BD.tmp.exe
2018-07-21 12:36 - 2018-07-21 12:36 - 000103424 _____ () C:\Users\dannyid\AppData\Local\Temp\FBAD.tmp.exe
2018-07-22 17:29 - 2018-07-22 17:29 - 000073728 _____ () C:\Users\dannyid\AppData\Local\Temp\FD07.tmp.exe
C:\Program Files\Common Files\Avast Software\Overseer

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62582D6F-2615-4AF3-ACB6-12482A7E6BD7}'" => removed successfully
HKLM\Software\Classes\CLSID\{62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62582D6F-2615-4AF3-ACB6-12482A7E6BD7}'" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{62582D6F-2615-4AF3-ACB6-12482A7E6BD7}' => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB2D527A-8995-4153-94FD-7643A17FC37B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB2D527A-8995-4153-94FD-7643A17FC37B}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Users\dannyid\Documents\~WRD2680.tmp => moved successfully
C:\Users\dannyid\Documents\~WRD4044.tmp => moved successfully
C:\Users\dannyid\Documents\~WRD1270.tmp => moved successfully
C:\Users\dannyid\Documents\~WRL1304.tmp => moved successfully
C:\Users\Daniel Tech Support\AppData\Local\Temp\5510.tmp.exe => moved successfully
C:\Users\Daniel Tech Support\AppData\Local\Temp\629A.tmp.exe => moved successfully
C:\Users\Daniel Tech Support\AppData\Local\Temp\8EEB.tmp.exe => moved successfully
C:\Users\Daniel Tech Support\AppData\Local\Temp\DED5.tmp.exe => moved successfully
C:\Users\DanielAzuz\AppData\Local\Temp\261C.tmp.exe => moved successfully
C:\Users\DanielAzuz\AppData\Local\Temp\2C18.tmp.exe => moved successfully
C:\Users\DanielAzuz\AppData\Local\Temp\833.tmp.exe => moved successfully
C:\Users\DanielAzuz\AppData\Local\Temp\A8F8.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\11B4.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\1A45.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\1C99.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\1D57.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\1E5.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\2076.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\221D.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\253C.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\2560.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\311A.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\3177.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\32A7.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\35A1.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\371E.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\3757.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\3B00.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\3C88.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\3F9D.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\4969.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\4CE2.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\509D.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\50B8.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\542D.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\59A6.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\5AA6.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\603C.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\60CD.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\6943.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\69EC.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\6AE4.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\6C2.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\6CB6.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\7BAE.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\84D9.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\8FF1.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\91CE.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\93A4.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\9568.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\97CA.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\9C9F.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\9FC.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\A233.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\A4D3.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\A521.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\A94B.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\AC73.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\ADEC.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B08A.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B2FB.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B383.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B460.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B50F.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\B56E.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\BC2.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\BCA5.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\BF5B.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\C387.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\C6B6.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\CC73.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\CD9B.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\D425.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\D54E.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\D59B.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\D6A6.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\D702.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\DCEE.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\DD7C.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\E237.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\EB24.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\EB36.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\EBC4.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\ED54.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\EEB8.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\EF64.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\F07E.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\F8BD.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\FBAD.tmp.exe => moved successfully
C:\Users\dannyid\AppData\Local\Temp\FD07.tmp.exe => moved successfully
C:\Program Files\Common Files\Avast Software\Overseer => moved successfully

The system needed a reboot.

==== End of Fixlog 11:46:27 ====

[nasdaq]

Hi,

How is the computer running now?

[sefnf]

R_o_g_u_e_K_i_l_l_e_r_ _V_1_2_._1_2_._3_4_._0_ _(_x_6_4_)_ _[_S_e_p_ _ _3_ _2_0_1_8_]_ _(_F_r_e_e_)_ _b_y_ _A_d_l_i_c_e_ _S_o_f_t_w_a_r_e_
_
_m_a_i_l_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_/_c_o_n_t_a_c_t_/_
_
_F_e_e_d_b_a_c_k_ _:_ _h_t_t_p_s_:_/_/_f_o_r_u_m_._a_d_l_i_c_e_._c_o_m_
_
_W_e_b_s_i_t_e_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_/_d_o_w_n_l_o_a_d_/_r_o_g_u_e_k_i_l_l_e_r_/_
_
_B_l_o_g_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_
_
_
_
_O_p_e_r_a_t_i_n_g_ _S_y_s_t_e_m_ _:_ _W_i_n_d_o_w_s_ _8_._1_ _(_6_._3_._9_6_0_0_)_ _6_4_ _b_i_t_s_ _v_e_r_s_i_o_n_
_
_S_t_a_r_t_e_d_ _i_n_ _:_ _N_o_r_m_a_l_ _m_o_d_e_
_
_U_s_e_r_ _:_ _d_a_n_n_y_i_d_ _[_A_d_m_i_n_i_s_t_r_a_t_o_r_]_
_
_S_t_a_r_t_e_d_ _f_r_o_m_ _:_ _C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_R_o_g_u_e_K_i_l_l_e_r_\_R_o_g_u_e_K_i_l_l_e_r_6_4_._e_x_e_
_
_M_o_d_e_ _:_ _S_c_a_n_ _-_-_ _D_a_t_e_ _:_ _0_9_/_0_4_/_2_0_1_8_ _1_8_:_3_8_:_1_6_ _(_D_u_r_a_t_i_o_n_ _:_ _0_8_:_1_9_:_2_8_)_
_
_S_w_i_t_c_h_e_s_ _:_ _-_r_e_f_i_d_
_
_
_
_¤_¤_¤_ _P_r_o_c_e_s_s_e_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _R_e_g_i_s_t_r_y_ _:_ _3_ _¤_¤_¤_
_
_[_P_U_P_._G_e_n_0_]_ _(_X_6_4_)_ _H_K_E_Y___C_L_A_S_S_E_S___R_O_O_T_\_C_L_S_I_D_\_{_A_2_9_7_0_C_7_C_-_8_3_9_2_-_4_E_6_F_-_8_B_5_1_-_B_7_6_3_C_F_3_8_E_1_3_C_}_ _-_>_ _F_o_u_n_d_
_
_[_P_U_M_._S_e_a_r_c_h_P_a_g_e_]_ _(_X_6_4_)_ _H_K_E_Y___U_S_E_R_S_\_S_-_1_-_5_-_2_1_-_2_3_5_8_3_5_4_0_1_1_-_9_8_1_5_6_1_5_4_0_-_3_6_3_7_1_2_0_1_9_6_-_1_0_0_2_\_S_o_f_t_w_a_r_e_\_M_i_c_r_o_s_o_f_t_\_I_n_t_e_r_n_e_t_ _E_x_p_l_o_r_e_r_\_M_a_i_n_ _|_ _S_e_a_r_c_h_ _B_a_r_ _:_ _P_r_e_s_e_r_v_e_ _ _-_>_ _F_o_u_n_d_
_
_[_P_U_M_._S_e_a_r_c_h_P_a_g_e_]_ _(_X_8_6_)_ _H_K_E_Y___U_S_E_R_S_\_S_-_1_-_5_-_2_1_-_2_3_5_8_3_5_4_0_1_1_-_9_8_1_5_6_1_5_4_0_-_3_6_3_7_1_2_0_1_9_6_-_1_0_0_2_\_S_o_f_t_w_a_r_e_\_M_i_c_r_o_s_o_f_t_\_I_n_t_e_r_n_e_t_ _E_x_p_l_o_r_e_r_\_M_a_i_n_ _|_ _S_e_a_r_c_h_ _B_a_r_ _:_ _P_r_e_s_e_r_v_e_ _ _-_>_ _F_o_u_n_d_
_
_
_
_¤_¤_¤_ _T_a_s_k_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _F_i_l_e_s_ _:_ _1_ _¤_¤_¤_
_
_[_P_U_P_._G_e_n_1_]_[_F_o_l_d_e_r_]_ _C_:_\_U_s_e_r_s_\_d_a_n_n_y_i_d_\_A_p_p_D_a_t_a_\_R_o_a_m_i_n_g_\_D_o_w_n_l_o_a_d_ _M_a_n_a_g_e_r_ _-_>_ _F_o_u_n_d_
_
_
_
_¤_¤_¤_ _W_M_I_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _H_o_s_t_s_ _F_i_l_e_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _A_n_t_i_r_o_o_t_k_i_t_ _:_ _0_ _(_D_r_i_v_e_r_:_ _L_o_a_d_e_d_)_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _W_e_b_ _b_r_o_w_s_e_r_s_ _:_ _1_ _¤_¤_¤_
_
_[_P_U_M_._S_e_a_r_c_h_E_n_g_i_n_e_]_[_F_i_r_e_f_o_x_:_C_o_n_f_i_g_]_ _k_y_a_c_6_r_n_3_._d_e_f_a_u_l_t_ _:_ _u_s_e_r___p_r_e_f_(_"_b_r_o_w_s_e_r_._s_e_a_r_c_h_._s_e_l_e_c_t_e_d_E_n_g_i_n_e_"_,_ _"_Y_a_h_o_o_!_"_)_;_ _-_>_ _F_o_u_n_d_
_
_
_
_¤_¤_¤_ _M_B_R_ _C_h_e_c_k_ _:_ _¤_¤_¤_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_0_:_ _T_O_S_H_I_B_A_ _D_T_0_1_A_C_A_2_0_0_ _+_+_+_+_+_
_
_-_-_-_ _U_s_e_r_ _-_-_-_
_
_[_M_B_R_]_ _3_b_0_6_9_d_3_1_1_2_0_6_0_5_0_7_9_8_f_f_b_a_a_e_c_b_d_b_c_1_3_d_
_
_[_B_S_P_]_ _2_5_f_4_a_a_a_1_9_5_f_9_c_8_d_8_3_b_c_0_4_e_3_d_3_6_3_0_1_e_f_0_ _:_ _E_m_p_t_y_ _M_B_R_ _C_o_d_e_
_
_P_a_r_t_i_t_i_o_n_ _t_a_b_l_e_:_
_
_0_ _-_ _[_S_Y_S_T_E_M_]_[_M_A_N_-_M_O_U_N_T_]_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_0_4_8_ _|_ _S_i_z_e_:_ _8_0_0_ _M_B_
_
_1_ _-_ _[_M_A_N_-_M_O_U_N_T_]_ _E_F_I_ _s_y_s_t_e_m_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _1_6_4_0_4_4_8_ _|_ _S_i_z_e_:_ _2_6_0_ _M_B_
_
_2_ _-_ _[_M_A_N_-_M_O_U_N_T_]_ _M_i_c_r_o_s_o_f_t_ _r_e_s_e_r_v_e_d_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_1_7_2_9_2_8_ _|_ _S_i_z_e_:_ _1_2_8_ _M_B_
_
_3_ _-_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_4_3_5_0_7_2_ _|_ _S_i_z_e_:_ _1_5_3_6_0_0_ _M_B_
_
_4_ _-_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _3_1_7_0_0_7_8_7_2_ _|_ _S_i_z_e_:_ _1_7_3_7_0_0_9_ _M_B_
_
_5_ _-_ _[_S_Y_S_T_E_M_]_[_M_A_N_-_M_O_U_N_T_]_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _3_8_7_4_4_0_2_3_0_4_ _|_ _S_i_z_e_:_ _1_5_9_3_1_ _M_B_
_
_U_s_e_r_ _=_ _L_L_1_ _._._._ _O_K_
_
_U_s_e_r_ _=_ _L_L_2_ _._._._ _O_K_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_1_:_ _G_e_n_e_r_i_c_-_ _S_D_/_M_M_C_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_2_:_ _G_e_n_e_r_i_c_-_ _C_o_m_p_a_c_t_ _F_l_a_s_h_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_3_:_ _G_e_n_e_r_i_c_-_ _S_M_/_x_D_ _P_i_c_t_u_r_e_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_4_:_ _G_e_n_e_r_i_c_-_ _M_S_/_M_S_-_P_r_o_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_

[nasdaq]

Hi,

Remove this entry.

_[_P_U_P_._G_e_n_0_]_ _(_X_6_4_)_ _H_K_E_Y___C_L_A_S_S_E_S___R_O_O_T_\_C_L_S_I_D_\_{_A_2_9_7_0_C_7_C_-_8_3_9_2_-_4_E_6_F_-_8_B_5_1_-_B_7_6_3_C_F_3_8_E_1_3_C_}_ _-_>_ _F_o_u_n_d_

===

Has there been any improvement to the systems since running my suggested fix?

[sefnf]

I do feel some improvement, I am still uncertain however.

 

I just did a Kaspersky scan and it removed 31 items.

however, before the troubleshooting steps from you guys , the scanner had disconnection issues.

 

do you want me to post the txt of the Kaspersky scan?

[sefnf]

Hi,

Remove this entry.

_[_P_U_P_._G_e_n_0_]_ _(_X_6_4_)_ _H_K_E_Y___C_L_A_S_S_E_S___R_O_O_T_\_C_L_S_I_D_\_{_A_2_9_7_0_C_7_C_-_8_3_9_2_-_4_E_6_F_-_8_B_5_1_-_B_7_6_3_C_F_3_8_E_1_3_C_}_ _-_>_ _F_o_u_n_d_

===

Has there been any improvement to the systems since running my suggested fix?

 

How do i remove the entry?

[nasdaq]

Run RogueKiller and save the file with text Editor such as Notepad or Notepad++.

_[_P_U_P_._G_e_n_0_]_ _(_X_6_4_)_ _H_K_E_Y___C_L_A_S_S_E_S___R_O_O_T_\_C_L_S_I_D_\_{_A_2_9_7_0_C_7_C_-_8_3_9_2_-_4_E_6_F_-_8_B_5_1_-_B_7_6_3_C_F_3_8_E_1_3_C_}_ _-_>_ _F_o_u_n_d_]
You will see this entry but there should not be any underscrores, just spaces between the words.

Delete it.

If it cannot be deleted post the Roguekiller log and let me see the items with the spaces.

[sefnf]

latest ReportRogue txt

 

R_o_g_u_e_K_i_l_l_e_r_ _V_1_2_._1_3_._1_._0_ _(_x_6_4_)_ _[_S_e_p_ _1_7_ _2_0_1_8_]_ _(_F_r_e_e_)_ _b_y_ _A_d_l_i_c_e_ _S_o_f_t_w_a_r_e_
_
_m_a_i_l_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_/_c_o_n_t_a_c_t_/_
_
_F_e_e_d_b_a_c_k_ _:_ _h_t_t_p_s_:_/_/_f_o_r_u_m_._a_d_l_i_c_e_._c_o_m_
_
_W_e_b_s_i_t_e_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_/_d_o_w_n_l_o_a_d_/_r_o_g_u_e_k_i_l_l_e_r_/_
_
_B_l_o_g_ _:_ _h_t_t_p_:_/_/_w_w_w_._a_d_l_i_c_e_._c_o_m_
_
_
_
_O_p_e_r_a_t_i_n_g_ _S_y_s_t_e_m_ _:_ _W_i_n_d_o_w_s_ _8_._1_ _(_6_._3_._9_6_0_0_)_ _6_4_ _b_i_t_s_ _v_e_r_s_i_o_n_
_
_S_t_a_r_t_e_d_ _i_n_ _:_ _N_o_r_m_a_l_ _m_o_d_e_
_
_U_s_e_r_ _:_ _d_a_n_n_y_i_d_ _[_A_d_m_i_n_i_s_t_r_a_t_o_r_]_
_
_S_t_a_r_t_e_d_ _f_r_o_m_ _:_ _C_:_\_P_r_o_g_r_a_m_ _F_i_l_e_s_\_R_o_g_u_e_K_i_l_l_e_r_\_R_o_g_u_e_K_i_l_l_e_r_6_4_._e_x_e_
_
_M_o_d_e_ _:_ _S_c_a_n_ _-_-_ _D_a_t_e_ _:_ _0_9_/_1_8_/_2_0_1_8_ _1_3_:_2_1_:_1_8_ _(_D_u_r_a_t_i_o_n_ _:_ _0_0_:_2_3_:_3_9_)_
_
_S_w_i_t_c_h_e_s_ _:_ _-_r_e_f_i_d_
_
_
_
_¤_¤_¤_ _P_r_o_c_e_s_s_e_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _R_e_g_i_s_t_r_y_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _T_a_s_k_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _F_i_l_e_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _W_M_I_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _H_o_s_t_s_ _F_i_l_e_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _A_n_t_i_r_o_o_t_k_i_t_ _:_ _0_ _(_D_r_i_v_e_r_:_ _L_o_a_d_e_d_)_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _W_e_b_ _b_r_o_w_s_e_r_s_ _:_ _0_ _¤_¤_¤_
_
_
_
_¤_¤_¤_ _M_B_R_ _C_h_e_c_k_ _:_ _¤_¤_¤_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_0_:_ _T_O_S_H_I_B_A_ _D_T_0_1_A_C_A_2_0_0_ _+_+_+_+_+_
_
_-_-_-_ _U_s_e_r_ _-_-_-_
_
_[_M_B_R_]_ _3_b_0_6_9_d_3_1_1_2_0_6_0_5_0_7_9_8_f_f_b_a_a_e_c_b_d_b_c_1_3_d_
_
_[_B_S_P_]_ _2_5_f_4_a_a_a_1_9_5_f_9_c_8_d_8_3_b_c_0_4_e_3_d_3_6_3_0_1_e_f_0_ _:_ _E_m_p_t_y_ _M_B_R_ _C_o_d_e_
_
_P_a_r_t_i_t_i_o_n_ _t_a_b_l_e_:_
_
_0_ _-_ _[_S_Y_S_T_E_M_]_[_M_A_N_-_M_O_U_N_T_]_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_0_4_8_ _|_ _S_i_z_e_:_ _8_0_0_ _M_B_
_
_1_ _-_ _[_M_A_N_-_M_O_U_N_T_]_ _E_F_I_ _s_y_s_t_e_m_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _1_6_4_0_4_4_8_ _|_ _S_i_z_e_:_ _2_6_0_ _M_B_
_
_2_ _-_ _[_M_A_N_-_M_O_U_N_T_]_ _M_i_c_r_o_s_o_f_t_ _r_e_s_e_r_v_e_d_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_1_7_2_9_2_8_ _|_ _S_i_z_e_:_ _1_2_8_ _M_B_
_
_3_ _-_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _2_4_3_5_0_7_2_ _|_ _S_i_z_e_:_ _1_5_3_6_0_0_ _M_B_
_
_4_ _-_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _3_1_7_0_0_7_8_7_2_ _|_ _S_i_z_e_:_ _1_7_3_7_0_0_9_ _M_B_
_
_5_ _-_ _[_S_Y_S_T_E_M_]_[_M_A_N_-_M_O_U_N_T_]_ _B_a_s_i_c_ _d_a_t_a_ _p_a_r_t_i_t_i_o_n_ _|_ _O_f_f_s_e_t_ _(_s_e_c_t_o_r_s_)_:_ _3_8_7_4_4_0_2_3_0_4_ _|_ _S_i_z_e_:_ _1_5_9_3_1_ _M_B_
_
_U_s_e_r_ _=_ _L_L_1_ _._._._ _O_K_
_
_U_s_e_r_ _=_ _L_L_2_ _._._._ _O_K_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_2_:_ _G_e_n_e_r_i_c_-_ _S_D_/_M_M_C_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_3_:_ _G_e_n_e_r_i_c_-_ _C_o_m_p_a_c_t_ _F_l_a_s_h_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_4_:_ _G_e_n_e_r_i_c_-_ _S_M_/_x_D_ _P_i_c_t_u_r_e_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_+_+_+_+_+_ _P_h_y_s_i_c_a_l_D_r_i_v_e_5_:_ _G_e_n_e_r_i_c_-_ _M_S_/_M_S_-_P_r_o_ _+_+_+_+_+_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _U_s_e_r_ _M_B_R_!_ _(_[_1_5_]_ _T_h_e_ _d_e_v_i_c_e_ _i_s_ _n_o_t_ _r_e_a_d_y_._ _)_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_1_ _M_B_R_!_ _N_O_T_ _V_A_L_I_D_!_
_
_E_r_r_o_r_ _r_e_a_d_i_n_g_ _L_L_2_ _M_B_R_!_ _(_[_3_2_]_ _T_h_e_ _r_e_q_u_e_s_t_ _i_s_ _n_o_t_ _s_u_p_p_o_r_t_e_d_._ _)_
_
_
_
_

[nasdaq]

How is the computer running now?