Having trouble only with IE....it just locks up.


  • This topic is locked
14 replies to this topic

#1 JoeFixes

Posted 03 April 2019 - 04:53 PM

Hi Again Guys,

 

I am having difficulty with my alternate computer but this time it is only when I am using Internet Explorer. I do not have popups, and my browser has not been hijacked. But I cannot use IE at all right now because once I start using it, it acts as if it is locking up, when in reality it just takes very long exaggerated moments for each click to come through. I scanned with Malwarebytes and also with HouseCall, but neither generated a report as nothing was found. Below are the logs from FRST and Rocket Grannie. And lastly I am not able to attach the ADDITION.TXT file because it says it is too big. If it is necessary I can paste it into the body of the next reply.

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 16th, december 2018
Running from:C:\Users\jlopresti\Desktop (17:19:05 - 04/03/2019)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.156)
Adobe Acrobat Reader DC (19.010.20098)
Google Chrome (73.0.3683.86)
Java (8.0.1710.11) ==> is out of Date
Malwarebytes (3.7.1.2839)
Microsoft Silverlight (5.1.50918.0)
Mozilla Firefox (66.0.2)

***----------------Analysis Complete-------------------------***

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by jlopresti (administrator) on DESKTOP-7P23BMA (03-04-2019 17:16:00)
Running from C:\Users\jlopresti\Desktop
Loaded Profiles: Joseph LoPresti & jlopresti (Available Profiles: Joseph LoPresti & jlopresti)
Platform: Windows 10 Pro Version 1803 17134.648 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel® Intel Network Drivers -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Drobo, Inc. -> Drobo, Inc.) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
(Sony Corporation -> Sony Corporation) E:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(GoPro, Inc. -> ) E:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(GoPro, Inc. -> ) E:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Amazon.com, Inc.) [File not signed] C:\Program Files\Amazon.com, Inc\AmazonPrintConnect.exe
(Apple Inc. -> Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\jlopresti\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Drobo, Inc. -> Drobo, Inc.) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\jlopresti\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\jlopresti\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\jlopresti\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\jlopresti\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(Cisco Systems, Inc. -> ) C:\Program Files (x86)\TPx\UCx\Communicator.exe
(Cisco Systems, Inc. -> ) C:\Program Files (x86)\TPx\UCx\BtbcCrashService.exe
(PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe
(Sony Corporation -> Sony Corporation) E:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wiawow64.exe
() [File not signed] \\Mbiserver01\sbt10\SBT10\Vpw.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagPriv.exe
() [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\FLIRCloudClient.exe
(Cisco Systems, Inc. -> ) C:\Program Files (x86)\TPx\UCx\RedemptionRunner.exe
(Cisco Systems, Inc. -> ) C:\Program Files (x86)\TPx\UCx\connector_launcher.exe
(United Parcel Service -> United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] \\Mbiserver01\sbt10\SBT10\Vpw.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [GoPro Tray App] => E:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] (GoPro, Inc. -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389856 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Amazon Print Connect] => C:\Program Files\Amazon.com, Inc\AmazonPrintConnect.exe [2322944 2018-04-12] (Amazon.com, Inc.) [File not signed]
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => E:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3002048 2017-02-07] (Sony Corporation -> Sony Corporation)
HKLM-x32\...\Run: [Smart-PSS] => C:\Users\Public\FLIRCloudClient\FLIRCloudClient\FlirCloudClient.exe******************************** [20275200 2018-01-26] () [File not signed]
HKLM-x32\...\Run: [WSUpdater] => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [177408 2018-08-23] (United Parcel Service -> UPS)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [34048 2018-08-23] (United Parcel Service -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\...\Run: [AIM for Windows] => C:\Users\Joseph LoPresti\AppData\Local\AOL\AIM\aim.exe [1075608 2016-10-03] (AOL Inc. -> AOL Inc.)
HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\...\Run: [Yahoo Messenger] => C:\Users\Joseph LoPresti\AppData\Local\yahoomessenger\app-0.8.231\Yahoo Messenger.exe [62345232 2016-11-16] (Yahoo! Inc. -> Yahoo! Inc)
HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [DDAssist] => E:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [628696 2016-11-01] (Drobo, Inc. -> Drobo, Inc.)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\jlopresti\AppData\Local\WhatsApp\Update.exe [2206648 2019-03-11] (WhatsApp, Inc. -> )
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-26] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\Run: [UCx] => C:\Program Files (x86)\TPx\UCx\Communicator.exe [14759048 2019-01-07] (Cisco Systems, Inc. -> )
HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\system32\CFHD.dll [1334784 2017-03-16] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\SysWOW64\CFHD.dll [1119744 2017-03-16] (CineForm Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-21] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2016-11-21]
ShortcutTarget: ScanSnap Manager.lnk -> E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 13.lnk [2016-11-16]
ShortcutTarget: Snagit 13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation -> TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2018-03-28]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service -> United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2018-03-28]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (United Parcel Service -> UPS)
Startup: C:\Users\jlopresti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{067077fd-2cc5-4fb3-8080-03a57b90db59}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{865ab1b1-d48e-429b-926a-2d478dd27145}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8c43d1c9-ed38-4c22-85c9-70a2100eeb35}: [NameServer] 192.168.1.250,4.2.2.1
Tcpip\..\Interfaces\{96e66cf7-f5ee-400f-95d7-c4d6228ff254}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amatteroffax.com/vendors/
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.xerox.com/printer-supplies/enus.html
hxxps://www.linkedin.com/home?trk=nav_responsive_tab_home
hxxps://erp.gcsimaging.com/web#home
hxxp://www.precisionroller.com/cross-reference.php
hxxp://www.google.com/
SearchScopes: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> DefaultScope {D0EE636B-2806-4E0C-A16B-131F6D9A8900} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> {D0EE636B-2806-4E0C-A16B-131F6D9A8900} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-17] (Google Inc -> Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-17] (Google Inc -> Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-17] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-17] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-17] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-17] (Google Inc -> Google Inc.)
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jlopresti\AppData\Roaming\Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629 [2019-04-03]
FF Homepage: Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629 -> hxxps://sellercentral.amazon.com/gp/homepage.html/ref=ag_home_logo_xx,%20hxxps://www.ebay.com/sh/ovw|hxxps://www.ebay.com/sh/ovw
FF HomepageOverride: Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629 -> Disabled: web@Template
FF NewTabOverride: Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629 -> Disabled: web@Template
FF Extension: (Cisco Webex Extension) - C:\Users\jlopresti\AppData\Roaming\Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629\Extensions\ciscowebexstart1@cisco.com.xpi [2018-08-13]
FF Extension: (WiseStamp) - C:\Users\jlopresti\AppData\Roaming\Mozilla\Firefox\Profiles\h7b5v64f.default-1479924509629\Extensions\wisestamp@wisestamp.com.xpi [2018-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @DVR/npmedia,version=3.1.0.5 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.5\npmedia.dll [2015-12-17] () [File not signed]
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.5 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.5\npTimeGrid.dll [2015-12-17] (Unauthorized copy) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jlopresti\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-08-13]

Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://lpdanlflhdimpoddbnfnpgekdhnkgdme/newtab/index.html"
CHR Profile: C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default [2019-04-03]
CHR Extension: (Slides) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-02]
CHR Extension: (Docs) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-02]
CHR Extension: (Google Drive) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-16]
CHR Extension: (YouTube) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-16]
CHR Extension: (Sheets) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-02]
CHR Extension: (Chrome Remote Desktop) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Avast Online Security) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-07]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-04-02]
CHR Extension: (Italy HD Wallpaper New Tab theme) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdanlflhdimpoddbnfnpgekdhnkgdme [2018-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\jlopresti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-14]
CHR HKU\S-1-5-21-2321501746-3221011889-664855769-1107\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe [73200 2019-03-05] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-06] (Microsoft Corporation -> Microsoft Corporation)
R2 DDService; E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2085336 2016-11-01] (Drobo, Inc. -> Drobo, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-02-16] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 GoProDeviceDetectionService; E:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] (GoPro, Inc. -> )
S3 GoToAssist; C:\Program Files (x86)\LogMeIn\GoToAssist Corporate\1280\G2AC_Service.exe [316872 2018-02-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4009016 2016-09-22] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PMBDeviceInfoProvider; E:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-02-07] (Sony Corporation -> Sony Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737560 2019-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation -> TechSmith Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205608 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254408 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196304 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320904 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58168 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42496 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169104 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034640 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476256 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380160 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 iaStorB; C:\WINDOWS\System32\drivers\iaStorB.sys [559576 2015-05-20] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-04] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 netr7364; C:\WINDOWS\System32\drivers\netr7364.sys [721920 2018-04-11] (Microsoft Windows -> Ralink Technology, Corp.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvwu.inf_amd64_6fb2b7040c1fcb13\nvlddmkm.sys [14246456 2016-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43920 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel® Software -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-03 17:16 - 2019-04-03 17:16 - 000039361 ____C C:\Users\jlopresti\Desktop\FRST.txt
2019-04-03 17:15 - 2019-04-03 17:16 - 000000000 ____D C:\FRST
2019-04-03 17:04 - 2019-04-03 17:04 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-03 17:04 - 2019-04-03 17:04 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-03 17:04 - 2019-04-03 17:04 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-03 17:04 - 2019-04-03 17:04 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-03 17:03 - 2019-04-03 17:03 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-03 17:03 - 2019-04-03 17:03 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-03 17:03 - 2019-04-03 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-03 17:03 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-03 17:03 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-03 17:02 - 2019-04-03 17:03 - 000899584 ____C C:\Users\jlopresti\Desktop\RGSA.exe
2019-04-03 16:59 - 2019-04-03 16:59 - 002434048 ____C (Farbar) C:\Users\jlopresti\Desktop\FRST64.exe
2019-04-03 16:55 - 2019-04-03 16:57 - 062591336 ____C (Malwarebytes ) C:\Users\jlopresti\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9988.exe
2019-04-03 16:17 - 2019-04-03 16:17 - 000207634 ____C C:\Users\jlopresti\Downloads\retrieveBOLAction(7).action
2019-04-03 13:03 - 2019-04-03 13:03 - 000002643 _____ C:\Users\jlopresti\Downloads\LabelFedex-786407878889-0.ZPLII
2019-04-03 09:32 - 2019-04-03 09:32 - 000000000 ___HD C:\OneDriveTemp
2019-04-02 11:20 - 2019-04-02 11:20 - 000245284 _____ C:\Users\jlopresti\Downloads\INV20192835.pdf
2019-04-01 16:25 - 2019-04-01 16:25 - 000038380 ____C C:\Users\jlopresti\Downloads\2015-08-04_minutes_-_board_of_health_public_meeting.pdf
2019-04-01 15:44 - 2019-04-01 15:44 - 000971264 _____ C:\Users\jlopresti\Downloads\product.product (10).xls
2019-04-01 13:13 - 2019-04-01 13:13 - 000208022 ____C C:\Users\jlopresti\Downloads\retrieveBOLAction(6).action
2019-04-01 12:07 - 2019-04-01 12:07 - 000971264 _____ C:\Users\jlopresti\Downloads\product.product (9).xls
2019-04-01 11:51 - 2019-04-01 11:51 - 001932521 ____C C:\Users\jlopresti\Downloads\MDL(2).pdf
2019-04-01 11:23 - 2019-04-01 11:23 - 000208007 ____C C:\Users\jlopresti\Downloads\retrieveBOLAction(5).action
2019-03-29 11:33 - 2019-03-29 11:33 - 000971264 _____ C:\Users\jlopresti\Downloads\product.product (8).xls
2019-03-29 09:49 - 2019-03-29 09:49 - 000417076 ____C C:\Users\jlopresti\Downloads\00P1Y000015Tz5UUAS(1).pdf
2019-03-28 14:33 - 2019-03-28 14:33 - 000026992 ____C C:\Users\jlopresti\Downloads\9056418822yDJH1HA.pdf
2019-03-28 14:33 - 2019-03-28 14:33 - 000026992 ____C C:\Users\jlopresti\Downloads\9056418822yDJH1HA(1).pdf
2019-03-28 11:06 - 2019-03-28 14:07 - 000252416 _____ C:\Users\jlopresti\Downloads\product.product (7).xls
2019-03-28 10:28 - 2019-03-28 10:28 - 000203712 _____ C:\Users\jlopresti\Downloads\INV20192672.pdf
2019-03-27 14:12 - 2019-03-27 14:12 - 000252749 ____C C:\Users\jlopresti\Downloads\CreditCardStatement(22).pdf
2019-03-27 14:12 - 2019-03-27 14:12 - 000251211 ____C C:\Users\jlopresti\Downloads\CreditCardStatement(23).pdf
2019-03-27 14:11 - 2019-03-27 14:11 - 000253623 ____C C:\Users\jlopresti\Downloads\CreditCardStatement(21).pdf
2019-03-27 12:29 - 2019-03-27 12:29 - 000417076 ____C C:\Users\jlopresti\Downloads\00P1Y000015Tz5UUAS.pdf
2019-03-27 09:54 - 2019-03-27 09:54 - 000351152 ____C C:\Users\jlopresti\Downloads\ebi9393888983_00_M_00_N_EB_0145550844(2).pdf
2019-03-27 09:54 - 2019-03-27 09:54 - 000351152 ____C C:\Users\jlopresti\Downloads\ebi9393888983_00_M_00_N_EB_0145550844(1).pdf
2019-03-27 09:53 - 2019-03-27 09:54 - 000351152 ____C C:\Users\jlopresti\Downloads\ebi9393888983_00_M_00_N_EB_0145550844.pdf
2019-03-26 11:32 - 2019-03-26 11:32 - 000000418 ____C C:\Users\jlopresti\Downloads\eGkiljup
2019-03-25 17:34 - 2019-03-25 17:34 - 000967168 _____ C:\Users\jlopresti\Downloads\product.product (6).xls
2019-03-25 14:28 - 2019-03-25 14:28 - 002625190 ____C C:\Users\jlopresti\Downloads\Pavers.pdf
2019-03-25 10:14 - 2019-03-25 10:38 - 000249856 _____ C:\Users\jlopresti\Downloads\product.product (5).xls
2019-03-21 14:29 - 2019-03-21 14:29 - 000375739 _____ C:\Users\jlopresti\Downloads\IMG_0326.HEIC
2019-03-21 14:05 - 2019-03-21 14:05 - 000233391 _____ C:\Users\jlopresti\Downloads\Invoice_INV_2019_2413_.pdf
2019-03-21 12:02 - 2019-03-21 12:02 - 000019847 ____C C:\Users\jlopresti\Downloads\retrievePDF(7).jsp
2019-03-19 17:17 - 2019-03-19 17:17 - 000456865 ____C C:\Users\jlopresti\Downloads\WORKPLACE-SURVEILLANCE-POLICY-1.pdf
2019-03-19 09:24 - 2019-03-19 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-03-18 18:37 - 2019-03-18 18:37 - 013754953 _____ C:\Users\jlopresti\Downloads\IMPERFETTO.pdf
2019-03-18 17:18 - 2019-03-18 17:18 - 012732421 _____ C:\Users\jlopresti\Downloads\PRESENTE.pdf
2019-03-18 16:00 - 2019-03-18 16:00 - 000905216 _____ C:\Users\jlopresti\Downloads\product.product (4).xls
2019-03-18 15:34 - 2019-03-18 15:33 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-03-18 15:31 - 2019-03-18 15:31 - 000001640 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-03-18 15:31 - 2019-03-18 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-03-18 15:31 - 2019-03-18 15:31 - 000000000 ____D C:\Program Files\iPod
2019-03-18 15:27 - 2019-03-18 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-03-18 12:34 - 2019-03-18 13:28 - 000248832 _____ C:\Users\jlopresti\Downloads\product.product (3).xls
2019-03-18 11:51 - 2019-03-18 11:51 - 001927655 ____C C:\Users\jlopresti\Downloads\VBE.pdf
2019-03-15 13:05 - 2019-03-15 13:05 - 000707642 ____C C:\Users\jlopresti\Downloads\Turning-Robocalls-Into-Cash-2019.pdf
2019-03-14 12:13 - 2019-03-14 12:13 - 000000000 ___HD C:\Users\jlopresti\MicrosoftEdgeBackups
2019-03-14 11:20 - 2019-03-14 11:50 - 000250880 _____ C:\Users\jlopresti\Downloads\product.product (2).xls
2019-03-13 16:41 - 2019-03-13 16:41 - 000003557 ____C C:\Users\jlopresti\Downloads\GetDocument
2019-03-13 14:49 - 2019-03-13 14:49 - 000093801 ____C C:\Users\jlopresti\Downloads\INTEC-PRICING-EURO-XP2020-CP2020-GLOBAL-PARTNER-1st-January-2014-v-2.0.pdf
2019-03-13 14:13 - 2019-03-13 14:13 - 000278975 ____C C:\Users\jlopresti\Downloads\MX-M503_453_363N.pdf
2019-03-13 13:56 - 2019-03-13 13:56 - 002710546 ____C C:\Users\jlopresti\Downloads\MX-M1100.pdf
2019-03-13 13:16 - 2019-03-13 13:16 - 000072504 ____C C:\Users\jlopresti\Downloads\Print BOL20190313101620_4782.pdf
2019-03-13 13:13 - 2019-03-13 13:13 - 000072505 ____C C:\Users\jlopresti\Downloads\Print BOL20190313101308_13770.pdf
2019-03-13 13:11 - 2019-03-13 13:11 - 000072505 ____C C:\Users\jlopresti\Downloads\Print BOL20190313101150_816.pdf
2019-03-13 10:17 - 2019-03-13 10:17 - 000203743 ____C C:\Users\jlopresti\Downloads\bill-of-lading-show(11)
2019-03-12 14:55 - 2019-03-06 11:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 14:55 - 2019-03-06 11:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 14:55 - 2019-03-06 11:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 14:55 - 2019-03-06 11:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 14:55 - 2019-03-06 11:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 14:55 - 2019-03-06 11:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 14:55 - 2019-03-06 11:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 14:55 - 2019-03-06 11:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 14:55 - 2019-03-06 11:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 14:55 - 2019-03-06 11:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 14:55 - 2019-03-06 11:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 14:55 - 2019-03-06 11:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 14:55 - 2019-03-06 11:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 14:55 - 2019-03-06 11:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 14:55 - 2019-03-06 11:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 14:55 - 2019-03-06 11:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 14:55 - 2019-03-06 08:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 14:55 - 2019-03-06 08:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 14:55 - 2019-03-06 08:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 14:55 - 2019-03-06 08:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 14:55 - 2019-03-06 08:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 14:55 - 2019-03-06 08:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 14:55 - 2019-03-06 08:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 14:55 - 2019-03-06 08:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 14:55 - 2019-03-06 08:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 14:55 - 2019-03-06 07:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 14:55 - 2019-03-06 05:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 14:55 - 2019-03-06 05:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 14:55 - 2019-03-06 05:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 14:55 - 2019-03-06 05:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 14:55 - 2019-03-06 05:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 14:55 - 2019-03-06 05:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 14:55 - 2019-03-06 05:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 14:55 - 2019-03-06 05:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 14:55 - 2019-03-06 05:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 14:55 - 2019-03-06 05:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 14:55 - 2019-03-06 05:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 14:55 - 2019-03-06 05:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 14:55 - 2019-03-06 05:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 14:55 - 2019-03-06 05:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 14:55 - 2019-03-06 05:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 14:55 - 2019-03-06 05:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 14:55 - 2019-03-06 05:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 14:55 - 2019-03-06 05:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 14:55 - 2019-03-06 05:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 14:55 - 2019-03-06 05:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 14:55 - 2019-03-06 05:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 14:55 - 2019-03-06 05:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 14:55 - 2019-03-06 05:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 14:55 - 2019-03-06 05:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 14:55 - 2019-03-06 05:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 14:55 - 2019-03-06 05:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 14:55 - 2019-03-06 05:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 14:55 - 2019-03-06 05:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 14:55 - 2019-03-06 05:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 14:55 - 2019-03-06 05:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 14:55 - 2019-03-06 05:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 14:55 - 2019-03-06 05:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 14:55 - 2019-03-06 05:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 14:55 - 2019-03-06 05:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 14:55 - 2019-03-06 04:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 14:55 - 2019-03-06 04:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 14:55 - 2019-03-06 04:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 14:55 - 2019-03-06 04:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 14:55 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-03-12 14:55 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 14:55 - 2019-03-06 04:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 14:55 - 2019-03-06 04:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 14:55 - 2019-03-06 04:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 14:55 - 2019-03-06 04:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 14:55 - 2019-03-06 04:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 14:55 - 2019-03-06 04:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 14:55 - 2019-03-06 04:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 14:55 - 2019-03-06 04:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 14:55 - 2019-03-06 04:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 14:55 - 2019-03-06 04:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 14:55 - 2019-03-06 04:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 14:55 - 2019-03-06 04:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 14:55 - 2019-03-06 04:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 14:55 - 2019-03-06 04:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 14:55 - 2019-03-06 04:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 14:55 - 2019-03-06 04:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 14:55 - 2019-03-06 04:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 14:55 - 2019-03-06 04:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 14:55 - 2019-03-06 04:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 14:55 - 2019-03-06 04:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 14:55 - 2019-03-06 03:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 14:55 - 2019-03-06 02:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 14:55 - 2019-03-06 02:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 14:55 - 2019-03-06 02:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 14:55 - 2019-03-06 02:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 14:55 - 2019-03-06 02:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 14:55 - 2019-03-06 02:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 14:55 - 2019-03-06 02:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 14:55 - 2019-03-06 02:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 14:55 - 2019-03-06 02:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 14:55 - 2019-03-06 02:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 14:55 - 2019-03-06 02:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 14:55 - 2019-03-06 01:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 14:55 - 2019-03-06 01:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 14:55 - 2019-03-06 01:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 14:55 - 2019-03-06 01:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 14:55 - 2019-03-06 01:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 14:55 - 2019-03-06 01:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 14:55 - 2019-03-06 01:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 14:55 - 2019-03-06 01:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 14:55 - 2019-03-06 01:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 14:55 - 2019-03-06 01:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 14:55 - 2019-03-06 01:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 14:55 - 2019-03-06 01:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 14:55 - 2019-03-06 01:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 14:55 - 2019-03-06 01:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 14:55 - 2019-03-06 01:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 14:55 - 2019-03-06 01:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 14:55 - 2019-03-06 01:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 14:55 - 2019-02-20 23:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 14:55 - 2019-02-16 09:02 - 002871304 _____ (Microsoft Corporation)

JoeFixes
(But only if it's Broke)

#2 Android 8888


Posted 04 April 2019 - 10:46 AM

Hello again JoeFixes,

Please copy and paste the entire content of the Addition.txt in your next reply for review.

p.s.: I will be out from tomorrow (Friday) until next Monday. If in the meanwhile I don't have time to review your logs, I will send an alert to our helpers community and someone will continue assisting you.

Thank you for understanding.

Android 8888

#3 JoeFixes


Posted 04 April 2019 - 11:11 AM

Thank you Android

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by jlopresti (03-04-2019 17:17:17)
Running from C:\Users\jlopresti\Desktop
Windows 10 Pro Version 1803 17134.648 (X64) (2018-05-15 13:52:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1183369387-3531538442-3511386656-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1183369387-3531538442-3511386656-503 - Limited - Disabled)
Guest (S-1-5-21-1183369387-3531538442-3511386656-501 - Limited - Disabled)
Joseph LoPresti (S-1-5-21-1183369387-3531538442-3511386656-1001 - Administrator - Enabled) => C:\Users\Joseph LoPresti
WDAGUtilityAccount (S-1-5-21-1183369387-3531538442-3511386656-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.05.05 (HKLM-x32\...\Smartwizard Discovery_is1) (Version:  - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\...\AIM) (Version:  - AOL Inc.)
AlignmentUtility (HKLM-x32\...\{4C5E314A-31CA-4223-9A90-CE0C4D5800A4}) (Version: 21.00.0000 - UPS) Hidden
Amazon Print Connect (HKLM\...\{79E517A4-F87E-44DB-9F76-64455DBFB70F}) (Version: 1.0.0.0 - Amazon.com, Inc.)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.5.2 - Angry IP Scanner)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCC (HKLM-x32\...\{95749C5B-BC37-41E3-8D39-EEF4C21A2825}) (Version: 21.00.0000 - United Parcel Service, Inc.) Hidden
CCCHelp (HKLM-x32\...\{21C4D7B4-79A2-43F3-89EF-558CE4BEE85F}) (Version: 21.00.0000 - United Parcel Service, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{519CE4A6-64D0-4955-A17B-751645E1163B}) (Version: 73.0.3683.67 - Google Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\ActiveTouchMeetingClient) (Version:  - Cisco Webex LLC)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Drobo Dashboard (HKLM-x32\...\{863885B3-7C05-421C-8817-568712778745}) (Version: 2.8.4 - Drobo)
e-Campaign 11 (HKLM-x32\...\e-Campaign_is1) (Version: 11 - LmhSoft)
ezCheckPrinting (HKLM-x32\...\{03C3E414-A9A9-42F9-A691-667A19B318DE}) (Version: 6.0.51 - Halfpricesoft)
FileZilla Client 3.33.0 (HKLM-x32\...\FileZilla Client) (Version: 3.33.0 - Tim Kosse)
FLIRCloudClient 2.1.50 (HKLM-x32\...\FLIRCloudClient) (Version: 2.1.50 - FLIR)
FormsComponent (HKLM-x32\...\{91032FF2-836F-4CCA-A1A3-55B966E82907}) (Version: 21.00.0000 - UPS) Hidden
FOSS (HKLM-x32\...\{267FC070-5271-4768-B33A-33E4EA0E3A74}) (Version: 21.00.0000 - UPS) Hidden
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.111.215 - Digital Wave Ltd)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.35.323 - Digital Wave Ltd)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.50.525 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.107 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.9.0.1280 - LogMeIn, Inc.)
GoToMeeting 8.41.0.12127 (HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\GoToMeeting) (Version: 8.41.0.12127 - LogMeIn, Inc.)
HP SoftPaq Download Manager (HKLM-x32\...\{92db00b4-c4ee-4893-bc4e-8be6548b2742}) (Version: 4.3.4.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.10.49.21 - HP Inc.)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 21.00.0000 - UPS)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{619e726e-d2b4-4e28-9568-c964fd81ee6c}) (Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7B11A2EA-168E-442A-809E-5F8908A7504F}) (Version: 19.50.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iSmartViewPro version 1.9 (HKLM-x32\...\{8EC13308-5065-43FA-A8E8-E985F18DAB89}_is1) (Version: 1.9 - iSmartViewPro, Inc.)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
LeMon - Lepide (HKLM-x32\...\Lepide Port Monitor) (Version:  - )
Lorex_webplugin.exe version 3.1.0.5 (HKLM-x32\...\{ED02ABD7-1049-4984-A35A-26ABEC69E2E0}_is1) (Version: 3.1.0.5 - )
MagicInfo Express Content Creator (HKLM-x32\...\MagicInfo Express Content Creator) (Version: 1018.1 - Samsung Electronics)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft Command Line Utilities 11 for SQL Server (HKLM-x32\...\{92216AED-67BB-4832-8A7B-BBE8FDE7C3B0}) (Version: 11.0.2270.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{4294D9EB-FECF-4E55-8615-1B9EF152EE95}) (Version: 12.2.5543.11 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{5C251AE3-C4DE-4398-847E-34154763000A}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{7FFF0385-BD04-4047-AA1D-6146A391FD0A}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9AE22681-C27C-402A-A136-15854DFF693D}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{8CE29F52-8FAF-4CFD-89E8-B2D61A6800B1}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.1.1 - Movavi)
Mozilla Firefox 66.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.2 (x64 en-US)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 21.00.0000 - UPS) Hidden
NA1Messenger (HKLM-x32\...\{D44E7219-947E-4F1B-830E-66EF11ACC543}) (Version: 21.00.0000 - Your Company Name) Hidden
NRF (HKLM-x32\...\{99A0F94F-9F09-4F09-B8D9-E8F1BBBEF212}) (Version: 21.00.0000 - UPS) Hidden
NVIDIA nView 148.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.03 - NVIDIA Corporation)
NVIDIA WMI 2.28.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.28.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.3.01.02070 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.3.01 - Sony Corporation) Hidden
PolicyManager (HKLM-x32\...\{2329553C-D499-4476-A20F-9C7E82ED122B}) (Version: 21.00.0000 - UPS) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
Reconciler (HKLM-x32\...\{98C4DE92-27C8-482C-8431-514828756E80}) (Version: 21.00.0000 - UPS) Hidden
ReportServer (HKLM-x32\...\{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}) (Version: 21.00.0000 - Your Company Name) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSnap (HKLM-x32\...\{734605D9-CE17-4A99-8859-C53F06CBBAB4}) (Version: 5.5.10.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.5L10 - PFU)
Skype version 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
SmartControlCenter (HKLM-x32\...\{63CE935C-03E3-4EB4-B194-792CB2F91C87}) (Version: 1.1.3.4 - Netgear)
Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden
Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)
SQL Server System CLR Types (HKLM-x32\...\{EADD5703-F2A0-4504-9C8A-88B236FC4643}) (Version: 10.3.5500.0 - Microsoft Corporation)
Stamps.com (HKLM-x32\...\{698AC01B-DF0C-4BCE-940C-EB29AD23A560}) (Version: 16.0.1.3699 - Stamps.com, Inc.) Hidden
Stamps.com (HKLM-x32\...\Stamps.com) (Version: 16.0.1.3699 - Stamps.com, Inc.)
SupportUtility (HKLM-x32\...\{31AF8802-BF43-4C43-984B-EC597CF51505}) (Version: 21.00.0000 - UPS) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 21.00.0000 - UPS) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Trim Spaces for Excel 1.3 (HKLM-x32\...\Trim Spaces for Excel_is1) (Version:  - Add-in Express Ltd.)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UCx (HKLM-x32\...\{5D2F7551-3447-462E-A730-8379BF8605C7}) (Version: 21.3.2.35 - DSCI)
UCx (HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\UCx) (Version: 22.6.9.23 - TPx)
UnifiedPrinting (HKLM-x32\...\{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}) (Version: 21.00.0000 - UPS) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 21.0 - UPS)
UPSICC (HKLM-x32\...\{390160B4-D276-4A04-8002-8D3101A0D367}) (Version: 21.00.0000 - UPS) Hidden
UPSlinkHTTP (HKLM-x32\...\{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}) (Version: 21.00.0000 - UPS) Hidden
UPSVC2008MM (HKLM-x32\...\{95BFC573-7D09-46C9-B458-A75BA947FFCB}) (Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (HKLM-x32\...\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}) (Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (HKLM-x32\...\{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}) (Version: 12.00.0000 - UPS) Hidden
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wansview version 1.0.2 (HKLM-x32\...\{770ED450-CE7D-4562-9A9D-E1319D2E2891}_is1) (Version: 1.0.2 - Wansview, Inc.)
WhatsApp (HKU\S-1-5-21-2321501746-3221011889-664855769-1107\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
WorldShip (HKLM-x32\...\{05221EA8-BC66-483B-8036-5CAF7B813C10}) (Version: 21.00.0000 - UPS) Hidden
WSShared (HKLM-x32\...\{4D8761F6-BB0D-48B9-81F3-58EC0CDA2090}) (Version: 21.00.0000 - UPS) Hidden
Yahoo Messenger (HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2321501746-3221011889-664855769-1107_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2321501746-3221011889-664855769-1107_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jlopresti\AppData\Local\GoToMeeting\12023\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-09-22] (NVIDIA Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-09-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-02] (AVAST Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05CE4E8C-7A7D-443D-90D4-B3E9507EB0A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0954F912-651D-45E7-9149-B3E2AD0DAC72} - System32\Tasks\G2MUploadTask-S-1-5-21-2321501746-3221011889-664855769-1107 => C:\Users\jlopresti\AppData\Local\GoToMeeting\12127\g2mupload.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {0BC30BE5-B747-415A-BDA4-ECFC4A93ECAD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {12A56A40-D0F8-4F69-9DD6-5285F3C2D289} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1720A4F9-7C8B-4E41-B086-BCFCC316B734} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {250D6EF9-4FFF-4D7D-B4C0-9158E5260AA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {262B296C-437F-4FB8-A70B-479BEB526487} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {35045212-B3DE-45FB-B3D6-84F1E2FB19DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3577FFB2-92AF-4EAD-A69E-B5391BF3B754} - System32\Tasks\UPS WorldShip Updater => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe (United Parcel Service -> UPS)
Task: {46C20067-D375-4D50-BD53-5FE9A121558B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5F9F6C1E-5CBD-49DA-84E0-BF1C96FCCD28} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7FF77007-CCD1-4A03-8608-F2A1EF828E07} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe (TechSmith Corporation -> TechSmith Corporation)
Task: {7FF79EC9-C385-4B82-8B4F-8FE5AC0B1C08} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8F2B804F-009D-43A0-BA21-0126112CF906} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {93E1CB8F-B48A-45AD-876A-8C578B7CEE0F} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {ACD39742-9F53-4AA1-B038-A3D9F48E4D14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BC60B884-7D05-4809-AB27-132D8D3FA4F2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C0A871CF-5D3C-4553-9C64-0AF219F1BF1E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D55C303A-3D54-40BB-995B-C23949261C07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DCE7B283-B462-4DBC-A816-19B1B7D9D203} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {E60E569B-A9BD-4019-936F-DADDEE39235A} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {EA8AE254-04E4-44D8-8D01-0364693B0CC0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F6737642-A4E4-49B9-BAB9-754AE38CE152} - System32\Tasks\G2MUpdateTask-S-1-5-21-2321501746-3221011889-664855769-1107 => C:\Users\jlopresti\AppData\Local\GoToMeeting\12127\g2mupdate.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F77F007C-7124-4B27-A031-4616D53F3AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {FF4FBEA9-6B1B-4EEA-9559-5F6411681280} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2321501746-3221011889-664855769-1107.job => C:\Users\jlopresti\AppData\Local\GoToMeeting\12127\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2321501746-3221011889-664855769-1107.job => C:\Users\jlopresti\AppData\Local\GoToMeeting\12127\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\jlopresti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2016-11-16 17:32 - 2012-06-28 15:53 - 000090336 _____ (Lepide Software Pvt. Ltd. -> ) [File not signed] C:\Program Files (x86)\Kernel for Outlook PST Repair - Home Version\lemon64.dll
2015-05-19 13:11 - 2015-05-19 13:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
2016-11-18 13:11 - 2016-10-04 10:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-11-21 12:37 - 2012-02-01 12:39 - 000344576 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\SSFolder\x64\SSFolder.DLL
2018-10-03 08:47 - 2018-10-03 08:47 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL
2018-04-12 12:55 - 2018-04-12 12:55 - 002322944 _____ (Amazon.com, Inc.) [File not signed] C:\Program Files\Amazon.com, Inc\AmazonPrintConnect.exe
2019-04-03 09:32 - 2019-04-03 09:32 - 000497152 ____C () [File not signed] \\?\C:\Users\jlopresti\AppData\Local\Temp\c6ef0384-717b-4689-b604-ee8d2c174daf.tmp.node
2019-04-03 09:32 - 2019-04-03 09:32 - 000497152 ____C () [File not signed] \\?\C:\Users\jlopresti\AppData\Local\Temp\75ded447-cdcb-423e-b672-ac15c9e792bc.tmp.node
2016-11-21 12:37 - 2016-01-29 11:54 - 001097728 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
2016-11-21 12:37 - 2012-07-12 22:12 - 000634880 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
2018-01-26 04:03 - 2018-01-26 04:03 - 020275200 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\FLIRCloudClient.exe
2019-01-24 10:47 - 2019-03-26 16:27 - 015257088 _____ (Node.js) [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\node.dll
2019-01-24 10:47 - 2019-03-26 16:27 - 002901504 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2019-01-24 10:47 - 2019-03-26 16:27 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2016-11-21 12:37 - 2015-04-14 16:50 - 000385024 _____ () [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2016-11-21 12:37 - 2016-03-02 22:49 - 000819712 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuPDFLib.dll
2016-11-21 12:37 - 2004-09-14 13:16 - 000352256 _____ (Intel Corporation) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\ijl15.dll
2016-11-21 12:37 - 2015-12-25 12:51 - 000175616 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuXMPLib.dll
2016-11-21 12:37 - 2011-12-21 14:20 - 000266240 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCommon.dll
2016-11-21 12:37 - 2011-12-14 22:49 - 000258048 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsLaunchapp.dll
2016-11-21 12:37 - 2015-04-14 16:49 - 000233472 _____ () [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2016-11-21 12:37 - 2011-01-27 13:36 - 000315392 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSvc.dll
2016-11-21 12:37 - 2003-03-26 19:46 - 000135168 _____ () [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2016-11-21 12:37 - 2008-11-27 20:23 - 000053248 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsOrgFolder.dll
2016-11-21 12:37 - 2008-02-28 20:36 - 001069056 _____ (PFU Limited) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\SsIjl.dll
2016-11-21 12:37 - 2016-01-23 14:21 - 001626112 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsQMLiteSetting.dll
2016-11-21 12:37 - 2014-09-10 11:10 - 000262144 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsXMLLite.dll
2016-11-21 12:37 - 2002-06-19 20:11 - 000516179 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\pgd_file.dll
2016-11-21 12:37 - 2010-08-24 17:56 - 000167936 _____ () [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2016-11-21 12:37 - 2006-11-01 20:50 - 000054544 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PtsaaEIf.dll
2016-11-21 12:37 - 2005-11-24 13:28 - 000188416 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\SignLib.dll
2016-11-21 12:37 - 2008-07-03 19:02 - 000057344 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IROTAT.dll
2016-11-21 12:37 - 2012-07-04 13:45 - 000094208 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IMOCR.dll
2016-11-21 12:37 - 2012-06-26 11:38 - 000159744 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICMUKIS.dll
2016-11-21 12:37 - 2008-07-04 10:28 - 000118784 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2Igr2mo.dll
2016-11-21 12:37 - 2008-02-04 12:15 - 000065536 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2Iscale.dll
2016-11-21 12:37 - 2008-01-18 15:20 - 000106496 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IJDGWP.dll
2016-11-21 12:37 - 2012-07-04 14:26 - 000249856 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\pfumkocr.dll
2016-11-21 12:37 - 2015-02-10 10:12 - 000458752 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCtl.dll
2016-11-21 12:37 - 2002-02-25 19:00 - 000069632 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\IMGPROC2.dll
2016-11-21 12:37 - 2010-07-23 10:54 - 000823296 _____ (PFU Limited) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICRPPR.dll
2016-11-21 12:37 - 2008-10-29 14:59 - 000053248 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSRGB.dll
2016-11-21 12:37 - 2005-02-17 12:55 - 000069632 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\distortion.dll
2019-04-03 09:32 - 2004-12-02 10:36 - 000122880 _____ (FUJITSU) [File not signed] C:\WINDOWS\SSDriver\fi5110\Fjtw6200.fds
2016-11-21 12:37 - 2011-12-27 16:17 - 001294336 _____ (FUJITSU) [File not signed] C:\WINDOWS\SSDriver\fi5110\fjtw32.dll
2016-11-21 12:37 - 2003-04-21 15:19 - 000020480 _____ () [File not signed] C:\WINDOWS\SSDriver\fi5110\fjipl.dll
2016-11-21 12:37 - 2003-04-21 15:19 - 000851968 _____ () [File not signed] C:\WINDOWS\SSDriver\fi5110\fjiplA6.DLL
2016-11-21 12:37 - 2011-12-27 16:17 - 000352256 _____ (FUJITSU) [File not signed] C:\WINDOWS\SSDriver\fi5110\MERCURY.DLL
2016-11-21 12:37 - 2010-04-20 11:33 - 000069632 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IATRES.DLL
2016-11-21 12:37 - 2009-06-17 11:41 - 000126976 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDEPTH.DLL
2016-11-21 12:37 - 2009-03-30 22:31 - 000765952 _____ (PFU Limited) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IBSKEW.dll
2016-11-21 12:37 - 2008-01-24 17:26 - 000077824 _____ (PFU) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\ErrorDifusion.dll
2016-11-21 12:37 - 2010-07-02 11:20 - 000880640 _____ (PFU Limited) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\Option\SSCarrierSheetOption\P2IUnite.dll
2016-11-21 12:37 - 2008-07-03 18:58 - 000118784 _____ (PFU Limited) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\P2IERSDW.dll
2016-11-21 12:37 - 2008-10-29 15:00 - 000061440 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\MonoComp.DLL
2016-11-21 12:37 - 2015-06-18 23:40 - 010477568 _____ (Foxit Software Inc.) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\fsdk_win32.dll
2016-11-21 12:37 - 2015-04-17 11:53 - 000629760 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PfuIPLib.dll
2016-11-21 12:37 - 2015-01-11 14:13 - 000352256 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\Driver\PFUOCR.DLL
2016-11-03 17:30 - 2016-11-03 17:30 - 000449024 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangocairo-1.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000248832 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pango-1.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000232960 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\gobject-2.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 001152512 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\cairo.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000055808 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangowin32-1.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000468992 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangoft2-1.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000588288 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pixman-1.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000165888 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libpng16.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000071680 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\zlib1.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000778240 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\harfbuzz.dll
2016-11-03 17:28 - 2016-11-03 17:28 - 008968192 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core300.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 001093632 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\glib-2.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000601088 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\fontconfig.dll
2016-11-03 17:22 - 2016-11-03 17:22 - 000122000 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Lttwn15u.dll
2016-11-03 17:22 - 2016-11-03 17:22 - 000212112 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgclr15u.dll
2016-11-03 17:28 - 2016-11-03 17:28 - 020629504 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc300.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000015872 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\gmodule-2.0.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000058880 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libintl.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 001015296 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libxml2.dll
2016-11-03 17:30 - 2016-11-03 17:30 - 000023552 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\iconv.dll
2016-11-03 17:22 - 2016-11-03 17:22 - 000134288 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgutl15u.dll
2016-11-03 17:22 - 2016-11-03 17:22 - 000066192 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\LFJbg15U.DLL
2016-11-03 17:22 - 2016-11-03 17:22 - 000126096 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\LFPng15U.DLL
2016-11-21 12:37 - 2012-01-16 19:19 - 000081920 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\SSFolder\S2OCmnU.dll
2018-10-03 08:47 - 2018-10-03 08:47 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2016-11-21 12:37 - 2012-01-16 19:19 - 000010752 _____ (PFU LIMITED) [File not signed] E:\Program Files (x86)\PFU\ScanSnap\SSFolder\STOLogOut.dll
2018-10-03 08:47 - 2018-10-03 08:47 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2015-08-26 22:02 - 2015-08-26 22:02 - 008802304 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\QtGui4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 002686976 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\QtCore4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000593920 _____ (Dahuatech Software Line) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\libdsl.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000937984 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\QtNetwork4.dll
2014-09-28 05:59 - 2014-09-28 05:59 - 005399552 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\P2PClient.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000946176 _____ (dslalien) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\dslalien.dll
2017-08-13 03:58 - 2017-08-13 03:58 - 009052298 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\flirnetsdk.dll
2017-08-13 03:59 - 2017-08-13 03:59 - 002318477 _____ ( ) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\flirconfigsdk.dll
2015-12-02 23:28 - 2015-12-02 23:28 - 000389120 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\VAXPlayer.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000229448 _____ (dahua) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\IvsDrawer.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 013979648 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\QtWebKit4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000184374 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\StreamAnalyzer.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000031744 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\OnvifDll.dll
2017-08-23 03:31 - 2017-08-23 03:31 - 000929792 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\DSGui.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000381023 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\StreamConvertor.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000368640 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\QtXml4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 003903488 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\ThirdDeviceInter.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000503808 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\Inframd.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000266240 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\NetFramework.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000114688 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\json.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000729088 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\StreamSvr.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000192512 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\Streammd.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000110592 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\http.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000077824 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\StreamParser.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000491520 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\sipstack.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 001048576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\LIBEAY32.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\MSVCR71.dll
2016-07-12 08:03 - 2016-07-12 08:03 - 000483840 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\dhlog.dll
2016-07-12 08:03 - 2016-07-12 08:03 - 000806987 _____ () [File not signed] c:\users\public\flircloudclient\flircloudclient\dhplay.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000026624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\imageformats\qgif4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000028672 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\imageformats\qico4.dll
2015-08-26 22:02 - 2015-08-26 22:02 - 000212992 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\imageformats\qjpeg4.dll
2015-12-01 03:21 - 2015-12-01 03:21 - 000073728 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\flirAdaptor.dll
2015-12-01 03:21 - 2015-12-01 03:21 - 003108864 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\flirplay.dll
2016-07-12 08:03 - 2016-07-12 08:03 - 000566784 _____ () [File not signed] C:\Users\Public\FLIRCloudClient\FLIRCloudClient\h264dec.dll
2016-11-16 18:23 - 2016-11-16 18:23 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2016-11-16 18:23 - 2016-11-16 18:23 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2016-11-03 17:29 - 2016-11-03 17:29 - 000306688 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libhunspell.dll
2016-11-03 17:22 - 2016-11-03 17:22 - 000208016 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgefx15u.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-03 17:03 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2019-01-04 06:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\PuTTY\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph LoPresti\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\Control Panel\Desktop\\Wallpaper -> C:\Users\jlopresti\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.250 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6D26749C-6283-4F0B-AA36-95638E97DC80}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{73F7E046-AA17-48F1-81B8-36E457A62F0D}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [UDP Query User{19036383-7CC1-49EC-A52C-AF9B19135002}C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe] => (Allow) C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe () [File not signed]
FirewallRules: [TCP Query User{03E706A5-C5E6-46FC-8F48-9A4EF4BC5D52}C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe] => (Allow) C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe () [File not signed]
FirewallRules: [UDP Query User{1C2DE9D6-0FAB-4BCB-B62A-D32F944F65B4}C:\program files (x86)\smartcontrolcenter\sccd.exe] => (Allow) C:\program files (x86)\smartcontrolcenter\sccd.exe () [File not signed]
FirewallRules: [TCP Query User{C2420B7F-C872-41B6-8317-4B2F669F9441}C:\program files (x86)\smartcontrolcenter\sccd.exe] => (Allow) C:\program files (x86)\smartcontrolcenter\sccd.exe () [File not signed]
FirewallRules: [{46BCD942-A70C-4A09-953B-C56F05DD883C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3B81762A-A38D-494B-94CE-FEC2B07A631E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EB98497D-2BBE-46D9-80BF-0A6056948015}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{77F2828D-16DB-4BE8-85E7-AC3A26069EC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F18CABA1-19DC-48F4-9FF5-599BCBCD3185}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{BD9666EA-D5A7-4B79-BCF8-A3B05E3CE4C2}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [TCP Query User{149055D5-F7A9-4E6B-AEB7-E280752C7AC7}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [UDP Query User{2B263A8D-2CE6-4F5D-9BD4-A43AC67E42E4}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [TCP Query User{EA7BD5BC-D23B-48DF-BB8F-58C45575BBEF}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [{1E2850F6-E588-4813-B474-83D4B786F0EB}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{87A5D696-ED1A-4994-88B1-E89325CBAD75}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{A86308A6-2D9A-4EAB-9A32-00167630ABB4}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{0C6FD0AA-7EBA-4105-8BA8-5336FE2FF442}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro, Inc. -> )
FirewallRules: [{6EE2B20B-F15C-4A8B-BD9D-6CBA39A565E5}] => (Allow) E:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{DE75708A-02BC-4C67-B56F-C4A4D26238F0}] => (Allow) E:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [UDP Query User{42B8EC71-EAE4-4517-A4EC-EB578838E351}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [TCP Query User{175F5F41-20CE-4566-9A91-B5697B58BD71}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [UDP Query User{B486D562-AAD8-4DC2-8B2B-D7616932D15C}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [TCP Query User{1DCB4AC0-29FB-41F8-8089-790D3155C7DF}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [UDP Query User{A4CB8C96-24C3-44FD-90FF-CE392C140CDC}C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe () [File not signed]
FirewallRules: [TCP Query User{A5F27189-D906-4A72-87FB-AA07A6095C76}C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe () [File not signed]
FirewallRules: [UDP Query User{C1D6C389-BAEC-4350-8B5D-5E000FF8ED5E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1A3C9EFE-16FF-4C22-BCE0-0ED92424CB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{58D1669C-4A2F-4D93-B920-975D4A36A644}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7542DF5E-2075-463D-8FBA-34044E013996}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [{54B6275B-6FE1-4405-86EC-6A165B0B6C62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C7716D5-02BC-483B-8AEA-EADFAE300613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6D00C37-9B68-4EA1-A907-4776B3FC8D6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF6AFF36-185A-4482-AAE1-0FCE2533B9A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FF752AE-7A45-401B-954B-12B27FBBE932}] => (Allow) C:\Users\jlopresti\Downloads\AeroAdmin.exe (Sole Proprietorship Smolikov Eugene Gennadyevich -> AeroAdmin Inc.)
FirewallRules: [{CA9D3B26-AADE-49D4-A29C-B0D9AEE9D0AB}] => (Allow) C:\Users\jlopresti\Downloads\AeroAdmin.exe (Sole Proprietorship Smolikov Eugene Gennadyevich -> AeroAdmin Inc.)
FirewallRules: [{FECC5613-FFE4-4F53-9875-DDC46A7192B8}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{30FC76A1-68D1-412D-9B7E-14E2790CF16F}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{4B6599A1-CC40-463F-A8B8-1D8B239B540A}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{4B72BE24-9A44-4809-AAB6-05D0CA162053}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{B3A67664-2963-4B3D-BC91-A4F665BB1C08}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{59F675CB-4897-4C96-9C2F-547093571D7C}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [UDP Query User{38F69E7B-E44A-4263-B919-CDCF121AF58C}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [TCP Query User{6D0EEF63-BA59-40FD-A904-9F8857446274}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [UDP Query User{7D85C62B-535E-4921-ACFF-B357A7505F3E}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{7D1C7B2F-3CB5-44A1-BA91-C391D6E1E908}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [UDP Query User{5FB68286-4BC3-457A-AFE7-FB792C7A4091}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{BC40E0CB-0333-46ED-BACF-EAF98F240340}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [{639D6570-E12C-43B6-A76A-BAC0E74B2666}] => (Allow) LPort=8298
FirewallRules: [{50FA2E2A-7659-4209-AB55-04ADC58489B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corpo

JoeFixes
(But only if its Broke)

#4 Android 8888


Posted 04 April 2019 - 12:35 PM

Hi,

The log is not complete; it's cut off.

Could you please make sure to copy the missing lines until the end of the log, starting right from this line:

==================== FirewallRules (Whitelisted) ===============

Thank you.


Android 8888
 

#5 JoeFixes


Posted 04 April 2019 - 01:13 PM

Hmmm that is strange.....

Let's try again:

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6D26749C-6283-4F0B-AA36-95638E97DC80}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{73F7E046-AA17-48F1-81B8-36E457A62F0D}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [UDP Query User{19036383-7CC1-49EC-A52C-AF9B19135002}C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe] => (Allow) C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe () [File not signed]
FirewallRules: [TCP Query User{03E706A5-C5E6-46FC-8F48-9A4EF4BC5D52}C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe] => (Allow) C:\program files (x86)\smartwizard discovery\smartwizard discovery.exe () [File not signed]
FirewallRules: [UDP Query User{1C2DE9D6-0FAB-4BCB-B62A-D32F944F65B4}C:\program files (x86)\smartcontrolcenter\sccd.exe] => (Allow) C:\program files (x86)\smartcontrolcenter\sccd.exe () [File not signed]
FirewallRules: [TCP Query User{C2420B7F-C872-41B6-8317-4B2F669F9441}C:\program files (x86)\smartcontrolcenter\sccd.exe] => (Allow) C:\program files (x86)\smartcontrolcenter\sccd.exe () [File not signed]
FirewallRules: [{46BCD942-A70C-4A09-953B-C56F05DD883C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3B81762A-A38D-494B-94CE-FEC2B07A631E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EB98497D-2BBE-46D9-80BF-0A6056948015}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{77F2828D-16DB-4BE8-85E7-AC3A26069EC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F18CABA1-19DC-48F4-9FF5-599BCBCD3185}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{BD9666EA-D5A7-4B79-BCF8-A3B05E3CE4C2}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [TCP Query User{149055D5-F7A9-4E6B-AEB7-E280752C7AC7}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [UDP Query User{2B263A8D-2CE6-4F5D-9BD4-A43AC67E42E4}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [TCP Query User{EA7BD5BC-D23B-48DF-BB8F-58C45575BBEF}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [{1E2850F6-E588-4813-B474-83D4B786F0EB}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{87A5D696-ED1A-4994-88B1-E89325CBAD75}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{A86308A6-2D9A-4EAB-9A32-00167630ABB4}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{0C6FD0AA-7EBA-4105-8BA8-5336FE2FF442}] => (Allow) E:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro, Inc. -> )
FirewallRules: [{6EE2B20B-F15C-4A8B-BD9D-6CBA39A565E5}] => (Allow) E:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{DE75708A-02BC-4C67-B56F-C4A4D26238F0}] => (Allow) E:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [UDP Query User{42B8EC71-EAE4-4517-A4EC-EB578838E351}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [TCP Query User{175F5F41-20CE-4566-9A91-B5697B58BD71}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [UDP Query User{B486D562-AAD8-4DC2-8B2B-D7616932D15C}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [TCP Query User{1DCB4AC0-29FB-41F8-8089-790D3155C7DF}C:\program files (x86)\tpx\ucx\communicator.exe] => (Allow) C:\program files (x86)\tpx\ucx\communicator.exe (Cisco Systems, Inc. -> )
FirewallRules: [UDP Query User{A4CB8C96-24C3-44FD-90FF-CE392C140CDC}C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe () [File not signed]
FirewallRules: [TCP Query User{A5F27189-D906-4A72-87FB-AA07A6095C76}C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) C:\users\public\flircloudclient\flircloudclient\flircloudclient.exe () [File not signed]
FirewallRules: [UDP Query User{C1D6C389-BAEC-4350-8B5D-5E000FF8ED5E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1A3C9EFE-16FF-4C22-BCE0-0ED92424CB5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{58D1669C-4A2F-4D93-B920-975D4A36A644}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7542DF5E-2075-463D-8FBA-34044E013996}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [{54B6275B-6FE1-4405-86EC-6A165B0B6C62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C7716D5-02BC-483B-8AEA-EADFAE300613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6D00C37-9B68-4EA1-A907-4776B3FC8D6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF6AFF36-185A-4482-AAE1-0FCE2533B9A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FF752AE-7A45-401B-954B-12B27FBBE932}] => (Allow) C:\Users\jlopresti\Downloads\AeroAdmin.exe (Sole Proprietorship Smolikov Eugene Gennadyevich -> AeroAdmin Inc.)
FirewallRules: [{CA9D3B26-AADE-49D4-A29C-B0D9AEE9D0AB}] => (Allow) C:\Users\jlopresti\Downloads\AeroAdmin.exe (Sole Proprietorship Smolikov Eugene Gennadyevich -> AeroAdmin Inc.)
FirewallRules: [{FECC5613-FFE4-4F53-9875-DDC46A7192B8}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{30FC76A1-68D1-412D-9B7E-14E2790CF16F}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{4B6599A1-CC40-463F-A8B8-1D8B239B540A}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{4B72BE24-9A44-4809-AAB6-05D0CA162053}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{B3A67664-2963-4B3D-BC91-A4F665BB1C08}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [{59F675CB-4897-4C96-9C2F-547093571D7C}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo, Inc. -> Drobo, Inc.)
FirewallRules: [UDP Query User{38F69E7B-E44A-4263-B919-CDCF121AF58C}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [TCP Query User{6D0EEF63-BA59-40FD-A904-9F8857446274}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [UDP Query User{7D85C62B-535E-4921-ACFF-B357A7505F3E}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{7D1C7B2F-3CB5-44A1-BA91-C391D6E1E908}C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe] => (Allow) C:\program files (x86)\magicinfo express\magicinfohybridauthor.exe (TODO: <Company name>) [File not signed]
FirewallRules: [UDP Query User{5FB68286-4BC3-457A-AFE7-FB792C7A4091}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{BC40E0CB-0333-46ED-BACF-EAF98F240340}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [{639D6570-E12C-43B6-A76A-BAC0E74B2666}] => (Allow) LPort=8298
FirewallRules: [{50FA2E2A-7659-4209-AB55-04ADC58489B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{82B1FFC3-5A34-4B99-A735-618177EAD4C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{827E2FC5-AF6B-49EB-B8CC-8A64DE71A84B}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [UDP Query User{18D16B8D-ACD4-4740-A22F-48EEB51AF803}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{86F8D9D0-D3A3-42AD-BB4C-B4577E7088E5}C:\users\jlopresti\downloads\anydesk.exe] => (Allow) C:\users\jlopresti\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{0126B260-0A9E-4598-BB1A-759C39BE66A2}C:\users\jlopresti\downloads\anydesk.exe] => (Allow) C:\users\jlopresti\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{B6F889F8-4B2E-4A8C-9D46-D0F6A0A3BF2B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B75EEE93-7BBD-429A-9FAC-A4276C2C83C4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7388BE05-2525-46EB-925E-EB55726D63E2}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [UDP Query User{9FFAAAA9-02A7-47B5-90F6-CD62E2BABA87}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [TCP Query User{9754FF1E-55CC-4727-9F42-723BCF288C0D}C:\wansview\wansview.exe] => (Allow) C:\wansview\wansview.exe () [File not signed]
FirewallRules: [UDP Query User{0C59CC9A-B068-4970-9FD5-05FE840F8CA8}C:\wansview\wansview.exe] => (Allow) C:\wansview\wansview.exe () [File not signed]
FirewallRules: [{3482CC7F-C38E-4034-83C6-025569364F6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File
FirewallRules: [{E2A36522-14B3-420C-8FD5-591EB785F96A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE53FF8D-F82D-4334-B037-BE7D2EF14A91}] => (Allow) C:\Users\jlopresti\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe No File
FirewallRules: [{7478DA87-5A1B-4536-8E4F-13C2D16C42DE}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{B250C9B4-EB62-4AB8-A353-1C2A3BAB0FA0}] => (Allow) E:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4802169F-419F-4C81-BC54-4F164FCF165B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{44CE9755-4838-46F0-AC4C-D0D543F3C5A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D604CA09-04EE-4F8F-88D8-6E4AC8647CE7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{20FEDABF-E070-4F02-82D7-AE5C62D40AB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{99D3FF7A-D88D-4EF0-9910-6C5C95391A76}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{14F59AE7-2F05-4CD1-9628-78537613BD16}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{014E11F7-87B7-40C1-9CE8-A891205F11F4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

20-03-2019 15:42:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2019 09:34:29 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (04/02/2019 09:28:28 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (04/01/2019 09:26:38 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (03/29/2019 09:26:48 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (03/28/2019 09:42:56 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (03/27/2019 06:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.165, time stamp: 0x4031a9f8
Faulting module name: SHELL32.dll, version: 10.0.17134.441, time stamp: 0x5cbab8c4
Exception code: 0xc0000005
Fault offset: 0x000000000001ba79
Faulting process id: 0x5c50
Faulting application start time: 0x01d4e49e7ce42f9e
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\SHELL32.dll
Report Id: 391902cf-1c02-4578-888d-0484b8453938
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2019 01:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007a24d
Faulting process id: 0x3448
Faulting application start time: 0x01d4e4ab8761f98a
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 7e5f7023-0b3b-40b3-a40e-d239cac17446
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2019 09:13:32 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


System errors:
=============
Error: (04/03/2019 04:22:04 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:22:04 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:22:04 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:20:55 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:20:55 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:20:55 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:20:55 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2019 04:19:13 PM) (Source: DCOM) (EventID: 10016) (User: MULTIBRANDS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MULTIBRANDS\jlopresti SID (S-1-5-21-2321501746-3221011889-664855769-1107) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-04-03 17:13:35.032
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:33.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:33.671
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:33.665
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:31.266
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:31.259
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:31.213
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-03 17:13:31.199
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Xeon® CPU E3-1270 v5 @ 3.60GHz
Percentage of memory in use: 34%
Total physical RAM: 32688.54 MB
Available physical RAM: 21378 MB
Total Virtual: 37552.54 MB
Available Virtual: 22858.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.13 GB) (Free:35 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:1863.02 GB) (Free:1447.16 GB) NTFS

\\?\Volume{91e22a66-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{91e22a66-0000-0000-0000-f0673b000000}\ () (Fixed) (Total:0.85 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: ED73C414)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 91E22A66)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=869 MB) - (Type=27)

==================== End of Addition.txt ============================


JoeFixes
(But only if its Broke)

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,278 posts

Posted 05 April 2019 - 06:24 AM



Hi,

My name is nasdaq. Android 8888 is away on a business trip and will only return next week.
I will help you until he returns.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR NewTab: Default ->  Not-active:"chrome-extension://lpdanlflhdimpoddbnfnpgekdhnkgdme/newtab/index.html"

Task: {46C20067-D375-4D50-BD53-5FE9A121558B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]
FirewallRules: [UDP Query User{BD9666EA-D5A7-4B79-BCF8-A3B05E3CE4C2}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [TCP Query User{149055D5-F7A9-4E6B-AEB7-E280752C7AC7}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [UDP Query User{2B263A8D-2CE6-4F5D-9BD4-A43AC67E42E4}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [TCP Query User{EA7BD5BC-D23B-48DF-BB8F-58C45575BBEF}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [UDP Query User{58D1669C-4A2F-4D93-B920-975D4A36A644}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7542DF5E-2075-463D-8FBA-34044E013996}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [UDP Query User{38F69E7B-E44A-4263-B919-CDCF121AF58C}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [TCP Query User{6D0EEF63-BA59-40FD-A904-9F8857446274}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [UDP Query User{5FB68286-4BC3-457A-AFE7-FB792C7A4091}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{BC40E0CB-0333-46ED-BACF-EAF98F240340}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{827E2FC5-AF6B-49EB-B8CC-8A64DE71A84B}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [UDP Query User{18D16B8D-ACD4-4740-A22F-48EEB51AF803}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7388BE05-2525-46EB-925E-EB55726D63E2}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [UDP Query User{9FFAAAA9-02A7-47B5-90F6-CD62E2BABA87}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [{3482CC7F-C38E-4034-83C6-025569364F6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File
FirewallRules: [{AE53FF8D-F82D-4334-B037-BE7D2EF14A91}] => (Allow) C:\Users\jlopresti\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe No File

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists in IE and you are using the Sync with other devices, disable the Sync.
https://www.thewindo...ows-8-1-devices

Close IE.

Restart the computer and re-sync your devices if you need them.
<<<>>>

Please post the Fixlog.txt and let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
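
The firewall entries in the fixlist above are the ones the FRST log marks "No File". As an added example (not part of the original post and not FRST's own code), this Python script parses FirewallRules lines in that log format, collects those orphaned entries, and separately lists Allow rules that merit a manual look; the sample log, its GUIDs, paths and signer names are constructed placeholders, and the flag names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format of the FirewallRules section of FRST's
# Addition.txt. GUIDs, paths and signer names are placeholders.
SAMPLE_LOG = r"""
==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{11111111-1111-1111-1111-111111111111}] => (Allow) C:\Program Files (x86)\ExampleRemote\Service.exe (Example GmbH -> Example GmbH)
FirewallRules: [UDP Query User{22222222-2222-2222-2222-222222222222}C:\program files (x86)\oldcam\oldcam.exe] => (Allow) C:\program files (x86)\oldcam\oldcam.exe No File
FirewallRules: [TCP Query User{33333333-3333-3333-3333-333333333333}C:\camview\camview.exe] => (Allow) C:\camview\camview.exe () [File not signed]
FirewallRules: [{44444444-4444-4444-4444-444444444444}] => (Allow) LPort=8298
FirewallRules: [{55555555-5555-5555-5555-555555555555}] => (Allow) C:\Users\alice\Downloads\RemoteTool.exe (Example Vendor -> Example Inc.)
FirewallRules: [{66666666-6666-6666-6666-666666666666}] => (Allow) C:\Users\alice\AppData\Local\Temp\unpack\2\Helper.exe No File
FirewallRules: [UDP Query User{77777777-7777-7777-7777-777777777777}C:\program files (x86)\browser\browser.exe] => (Block) C:\program files (x86)\browser\browser.exe (Example Corp -> Example Corp)

==================== Restore Points =========================
"""

# "FirewallRules: [<rule name>] => (<Allow|Block>) <target>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# Paths contain spaces and "(x86)", so the path is taken up to the first
# ".exe" that is followed by whitespace or end of line.
PATH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?=\s|$)(?P<rest>.*)$", re.IGNORECASE
)
USER_PATH_RE = re.compile(r"^[A-Za-z]:\\users\\", re.IGNORECASE)


@dataclass
class Rule:
    raw: str
    name: str
    action: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_rules(text: str) -> List[Rule]:
    """Parse every FirewallRules line and attach review flags."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, other log sections
        pm = PATH_RE.match(m["target"])
        rule = Rule(raw=line, name=m["name"], action=m["action"],
                    path=pm["path"] if pm else None)
        if pm is None:
            rule.flags.append("no-program")  # e.g. a bare LPort= rule
        else:
            rest = pm["rest"].strip()
            if rest == "No File":
                rule.flags.append("orphaned")  # target executable is gone
            if rest.endswith("[File not signed]"):
                rule.flags.append("unsigned")
            if USER_PATH_RE.match(rule.path):
                rule.flags.append("user-profile-path")
        rules.append(rule)
    return rules


def fixlist_candidates(rules: List[Rule]) -> List[str]:
    """Raw log lines for rules whose program no longer exists."""
    return [r.raw for r in rules if "orphaned" in r.flags]


def review_queue(rules: List[Rule]) -> List[Rule]:
    """Allow rules that still resolve but deserve a human decision."""
    return [r for r in rules
            if r.action == "Allow" and r.flags and "orphaned" not in r.flags]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_LOG)
    print("Orphaned rules (fixlist candidates):")
    for raw in fixlist_candidates(parsed):
        print("  " + raw)
    print("Allow rules to review by hand:")
    for r in review_queue(parsed):
        print("  %s %s" % (r.flags, r.path or r.raw))
```

The review queue is a prompt for a human decision, not a removal list: a signed remote-access tool under a user profile may be entirely expected on a given machine.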

#7 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 05 April 2019 - 08:22 AM

Hi NasDaq,

 

Thank you for stepping in.  I appreciate your guidance.  I ran the FIX and the log is below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by jlopresti (05-04-2019 09:41:17) Run:1
Running from C:\Users\jlopresti\Desktop
Loaded Profiles: Joseph LoPresti & jlopresti (Available Profiles: Joseph LoPresti & jlopresti)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1183369387-3531538442-3511386656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2321501746-3221011889-664855769-1107 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR NewTab: Default ->  Not-active:"chrome-extension://lpdanlflhdimpoddbnfnpgekdhnkgdme/newtab/index.html"

Task: {46C20067-D375-4D50-BD53-5FE9A121558B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]
FirewallRules: [UDP Query User{BD9666EA-D5A7-4B79-BCF8-A3B05E3CE4C2}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [TCP Query User{149055D5-F7A9-4E6B-AEB7-E280752C7AC7}C:\program files (x86)\ismartviewpro\ismartviewpro.exe] => (Allow) C:\program files (x86)\ismartviewpro\ismartviewpro.exe No File
FirewallRules: [UDP Query User{2B263A8D-2CE6-4F5D-9BD4-A43AC67E42E4}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [TCP Query User{EA7BD5BC-D23B-48DF-BB8F-58C45575BBEF}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe No File
FirewallRules: [UDP Query User{58D1669C-4A2F-4D93-B920-975D4A36A644}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7542DF5E-2075-463D-8FBA-34044E013996}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [UDP Query User{38F69E7B-E44A-4263-B919-CDCF121AF58C}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [TCP Query User{6D0EEF63-BA59-40FD-A904-9F8857446274}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe] => (Allow) E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe No File
FirewallRules: [UDP Query User{5FB68286-4BC3-457A-AFE7-FB792C7A4091}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{BC40E0CB-0333-46ED-BACF-EAF98F240340}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe] => (Allow) E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe No File
FirewallRules: [TCP Query User{827E2FC5-AF6B-49EB-B8CC-8A64DE71A84B}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [UDP Query User{18D16B8D-ACD4-4740-A22F-48EEB51AF803}C:\program files (x86)\dsci\ucx\communicator.exe] => (Allow) C:\program files (x86)\dsci\ucx\communicator.exe No File
FirewallRules: [TCP Query User{7388BE05-2525-46EB-925E-EB55726D63E2}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [UDP Query User{9FFAAAA9-02A7-47B5-90F6-CD62E2BABA87}C:\program files (x86)\searchpro\searchpro.exe] => (Allow) C:\program files (x86)\searchpro\searchpro.exe No File
FirewallRules: [{3482CC7F-C38E-4034-83C6-025569364F6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File
FirewallRules: [{AE53FF8D-F82D-4334-B037-BE7D2EF14A91}] => (Allow) C:\Users\jlopresti\AppData\Local\Temp\unpacksos\2\SRManagerSOS.exe No File

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-1183369387-3531538442-3511386656-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-2321501746-3221011889-664855769-1107\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"Chrome NewTab" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46C20067-D375-4D50-BD53-5FE9A121558B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46C20067-D375-4D50-BD53-5FE9A121558B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\WINDOWS\system32\Drivers\iaStorB.sys => ":com.dropbox.attributes" ADS removed successfully
C:\WINDOWS\system32\Drivers\iaStorS.sys => ":com.dropbox.attributes" ADS removed successfully
C:\WINDOWS\system32\Drivers\rccfg.sys => ":com.dropbox.attributes" ADS removed successfully
C:\WINDOWS\system32\Drivers\rcraid.sys => ":com.dropbox.attributes" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BD9666EA-D5A7-4B79-BCF8-A3B05E3CE4C2}C:\program files (x86)\ismartviewpro\ismartviewpro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{149055D5-F7A9-4E6B-AEB7-E280752C7AC7}C:\program files (x86)\ismartviewpro\ismartviewpro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2B263A8D-2CE6-4F5D-9BD4-A43AC67E42E4}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EA7BD5BC-D23B-48DF-BB8F-58C45575BBEF}C:\users\jlopresti\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{58D1669C-4A2F-4D93-B920-975D4A36A644}C:\program files (x86)\dsci\ucx\communicator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7542DF5E-2075-463D-8FBA-34044E013996}C:\program files (x86)\dsci\ucx\communicator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38F69E7B-E44A-4263-B919-CDCF121AF58C}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6D0EEF63-BA59-40FD-A904-9F8857446274}E:\program files (x86)\magicinfo express 2\magicinfo-express-2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5FB68286-4BC3-457A-AFE7-FB792C7A4091}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BC40E0CB-0333-46ED-BACF-EAF98F240340}E:\program files (x86)\flircloudclient\flircloudclient\flircloudclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{827E2FC5-AF6B-49EB-B8CC-8A64DE71A84B}C:\program files (x86)\dsci\ucx\communicator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{18D16B8D-ACD4-4740-A22F-48EEB51AF803}C:\program files (x86)\dsci\ucx\communicator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7388BE05-2525-46EB-925E-EB55726D63E2}C:\program files (x86)\searchpro\searchpro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9FFAAAA9-02A7-47B5-90F6-CD62E2BABA87}C:\program files (x86)\searchpro\searchpro.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3482CC7F-C38E-4034-83C6-025569364F6D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE53FF8D-F82D-4334-B037-BE7D2EF14A91}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1177760707 B
Java, Flash, Steam htmlcache => 1893 B
Windows/system/drivers => 179242343 B
Edge => 1881123 B
Chrome => 392046989 B
Firefox => 1172968446 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 50380 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Joseph LoPresti => 115862 B
jlopresti => 318423642 B

RecycleBin => 12243169115 B
EmptyTemp: => 14.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:44:46 ====

 

 

It has only been about 30 minutes or so, but it seems like things are much better with IE.  When it was afflicted, it would only take a few minutes before it became non-responsive. 

 

If you don't mind, I will use it for the day and report back after having a full day of use.

 

Thank you very much for your help.

 

JoeFixes


JoeFixes
(But only if its Broke)

#8 JoeFixes


Posted 05 April 2019 - 09:54 AM

NasDaq,

 

Okay...it didn't take too long.  It's been about 2 hours now and IE just locked up on me again after cleaning everything up.  Is there anything I can run to help you to help me?

 

JoeFixes



#9 nasdaq


Posted 06 April 2019 - 06:23 AM

Hi,

If the TechSmith application is required then I would look into these errors listed in the Addition.txt log:

Error: (04/03/2019 09:34:29 AM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


Reinstalling the application while your Antivirus is disabled may solve that problem.
===

Run the Chkdsk program.
How to:
https://www.howtogee...-windows-vista/

Use the /F switch; there are others that you can try.
===

Let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 JoeFixes


Posted 08 April 2019 - 08:02 AM

I don't know what TechSmith is... as far as I know... I don't need it.  Can you advise me on how to remove it?



#11 nasdaq


Posted 09 April 2019 - 05:30 AM



Hi,

Use this removal tool.

Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.
  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.
Stay safe.
nasdaq


#12 JoeFixes


Posted 11 April 2019 - 08:00 AM

Nasdaq,

 

I finally got a chance to run the REVO Uninstaller.  But the program TECHSMITH does not show up on the list.  Can I ask where you were able to see that this program was installed?

 

joefixes



#13 nasdaq


Posted 12 April 2019 - 05:59 AM

Hi,

It's in your installed program list.

The name may be Snagit.

Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden
Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)

Can you see it in the Add/Remove program list or with Revo Uninstaller?
nasdaq


#14 JoeFixes


Posted 12 April 2019 - 08:54 AM

Ahhhh..okay!  SnagIt is the program...and I do use it regularly.  So I would not be able to uninstall that one.  I will try re-installing it to see if it helps the problem.  We can close this topic out though....if the problem persists I would return....but for now, I have become accustomed to using Chrome or Firefox.

 

JoeFixes



#15 nasdaq


Posted 13 April 2019 - 05:30 AM

Since the issue appears to be resolved, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq
