Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Member
    Join Date
    Feb 2007
    Posts
    25
    Points
    1

    Default UAC - User Account Command Issue

    Unable to delete files, Load or Update New Software. Receiving message “Do you want to allow this app to make changes to your computer?” The only option to select is “no.” “Yes” is greyed out. System will not allow me to make changes to user account through control panel or any other program. Unauthorized to make changes. BitLocker is on my system but I’m not authorized to turn it off. Can’t reset to original system.

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi aallen,

    Welcome to Help2Go!

    Please note that I moved your topic to a more appropriate forum.

    Providing the logs produced by the following utility will give me an idea of what is going on with your computer.

    Please download Farbar Recovery Scan Tool to your desktop from one of the links below:

    For x32 (x86) bit systems download Farbar Recovery Scan Tool.
    For x64 bit systems download Farbar Recovery Scan Tool x64.

    • Right click on the FRST.exe and choose Run as administrator.
    • When the tool opens click Yes to disclaimer.
    • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
    • Press Scan button.
    • Please attach both logs in your next reply.


    Please post the logs requested (do not attach).

    Thank you!

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Feb 2007
    Posts
    25
    Points
    1

    Default

    Hi DonnaB,


    Thanks so much for responding to my post.
    I was unable to run this scan as administrator. When I attempt to do so, I receive the pop up message "Do you want to allow this app to make changes to changes to your device. The only option to choose is "no." The "yes" is grayed out.

    I was able to run these reports but not as administrator.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
    Ran by Allen's PC (ATTENTION: The user is not administrator) on AALLEN (14-06-2018 18:51:06)
    Running from C:\Users\Allen's PC\Downloads
    Loaded Profiles: Allen's PC & QBDataServiceUser27 (Available Profiles: Allen's PC & QBDataServiceUser27)
    Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    Failed to access process -> smss.exe
    Failed to access process -> csrss.exe
    Failed to access process -> wininit.exe
    Failed to access process -> csrss.exe
    Failed to access process -> services.exe
    Failed to access process -> winlogon.exe
    Failed to access process -> lsass.exe
    Failed to access process -> svchost.exe
    Failed to access process -> fontdrvhost.exe
    Failed to access process -> fontdrvhost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> dwm.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> WRSA.exe
    Failed to access process -> atiesrxx.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> atieclxx.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> dasHost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> RtkAudioService64.exe
    Failed to access process -> WTabletServicePro.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> RAVBg64.exe
    Failed to access process -> RAVBg64.exe
    Failed to access process -> svchost.exe
    Failed to access process -> spoolsv.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> armsvc.exe
    Failed to access process -> ACService.exe
    Failed to access process -> AGMService.exe
    Failed to access process -> AdobeUpdateService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> AGSService.exe
    Failed to access process -> AppleMobileDeviceService.exe
    Failed to access process -> mDNSResponder.exe
    Failed to access process -> DbxSvc.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> DymoPnpService.exe
    Failed to access process -> EvtEng.exe
    Failed to access process -> HPCommRecovery.exe
    Failed to access process -> HPWMISVC.exe
    Failed to access process -> ibtsiva.exe
    Failed to access process -> MBAMService.exe
    Failed to access process -> McSvHost.exe
    Failed to access process -> mfemms.exe
    Failed to access process -> svchost.exe
    Failed to access process -> PEFService.exe
    Failed to access process -> PMBDeviceInfoProvider.exe
    Failed to access process -> QBCFMonitorService.exe
    Failed to access process -> QBIDPService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> RegSrvc.exe
    Failed to access process -> RichVideo64.exe
    Failed to access process -> svchost.exe
    Failed to access process -> SecurityHealthService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> ZeroConfigService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> wlanext.exe
    Failed to access process -> conhost.exe
    Failed to access process -> mfevtps.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> unsecapp.exe
    Failed to access process -> WmiPrvSE.exe
    Failed to access process -> svchost.exe
    Failed to access process -> mfefire.exe
    Failed to access process -> McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    Failed to access process -> QBDBMgrN.exe
    Failed to access process -> svchost.exe
    Failed to access process -> GamesAppIntegrationService.exe
    Failed to access process -> HPSupportSolutionsFrameworkService.exe
    Failed to access process -> McCSPServiceHost.exe
    Failed to access process -> ModuleCoreService.exe
    Failed to access process -> SgrmBroker.exe
    Failed to access process -> svchost.exe
    Failed to access process -> SearchIndexer.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    Failed to access process -> WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> Wacom_Tablet.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    Failed to access process -> svchost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    Failed to access process -> mfevtps.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
    (HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
    Failed to access process -> iPodService.exe
    (Amazon Services LLC) C:\Users\Allen's PC\AppData\Local\Amazon Music\Amazon Music Helper.exe
    (HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2017\QBW32.EXE
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    Failed to access process -> svchost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
    Failed to access process -> svchost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
    Failed to access process -> OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
    Failed to access process -> svchost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Failed to access process -> svchost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    Failed to access process -> SearchProtocolHost.exe
    Failed to access process -> WmiPrvSE.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-03-23] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-12-22] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [ReminderApp_EEAC3053-7055-4143-B8A0-306758055099] => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe [144728 2011-03-09] ()
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3688336 2018-04-25] (Webroot)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-15] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-15] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [72192 2008-02-22] (ArcSoft Inc.)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029936 2017-09-20] (Sony Corporation)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
    HKLM\...\RunOnce: [DEL_RTKINST_REG] => CMD /C del "C:\Program Files\Realtek\Audio\HDA\RtkInst.reg" /F
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Run: [Amazon Music] => C:\Users\Allen's PC\AppData\Local\Amazon Music\Amazon Music.exe*裋縧Ḁ蠀C:\Users\Allen's PC\AppData\Local\Amazon Music\Data\App Cach
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Run: [Amazon Music Helper] => C:\Users\Allen's PC\AppData\Local\Amazon Music\Amazon Music Helper.exe [3051960 2018-05-16] (Amazon Services LLC)
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Run: [AppSync] => C:\Users\Allen's PC\AppData\Roaming\AppSync\AppSync.exe do://update?from=startup
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\MountPoints2: {1c2ffe50-92e6-11e6-9992-ac2b6eb10b33} - "F:\LaunchU3.exe" -a
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    SSODL: EldosMountNotificator-cbfs6 - {125D002F-11E4-4F03-AA17-1B4F7E5B865C} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
    SSODL-x32: EldosMountNotificator-cbfs6 - {125D002F-11E4-4F03-AA17-1B4F7E5B865C} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-04-19]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2017-02-25]
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-02-25]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2017-02-25]
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2017\QBW32.EXE (Intuit Inc.)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7632e30d-e432-44b9-9a49-b0aa8f8e9976}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{ef743616-6e02-41e1-bfd5-06d5cdb8a1d1}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.paradiskus.com/?741D294D0B624D5FD2FE65900EB4C667=H1xAXFBMX11aVVQEEUleSAoRAjMIEFJfX1hHX1ZHWV9SVUFcVkJdSA4MGwhcRF9ZWFE0XFBFWFYpJzAqJy5WL1glNTwtNSxcKVc3LlBELVwt
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    URLSearchHook: [S-1-5-21-251725971-1601566599-338782807-1004] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> {F659D0E4-9FB5-40B3-9366-27E0511D25EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {F659D0E4-9FB5-40B3-9366-27E0511D25EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-251725971-1601566599-338782807-1001 -> DefaultScope {C024D466-C4C6-43C0-B599-9815FE3BBC94} URL = hxxp://go.paradiskus.com/?F77C1C97379DECC6855DC828442EBB9E=H1xAXFBMX11aVVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LU1tRRV9RMl9fWlZKLic2KSgxWDNfJTM_IioiQC5XMS1fWyNAKg&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-251725971-1601566599-338782807-1001 -> {C024D466-C4C6-43C0-B599-9815FE3BBC94} URL = hxxp://go.paradiskus.com/?F77C1C97379DECC6855DC828442EBB9E=H1xAXFBMX11aVVQNEQQwBw9cQ1hYQVxZWFdDVVVHX1ldU1QJDB0LU1tRRV9RMl9fWlZKLic2KSgxWDNfJTM_IioiQC5XMS1fWyNAKg&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-251725971-1601566599-338782807-1001 -> {F659D0E4-9FB5-40B3-9366-27E0511D25EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-19] (Webroot)
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-06-04] (Webroot)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-19] (Webroot)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-06-04] (Webroot)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-19] (Webroot)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-19] (Webroot)
    Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll [2016-08-23] (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-09-23] (McAfee, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-10-25] [Legacy] [not signed]
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-15] (Citrix Systems, Inc.)
    FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Allen's PC\AppData\Local\Google\Chrome\User Data\Default [2018-01-22]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [104960 2008-02-22] (ArcSoft Inc.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 HP Comm Recover; c:\Program Files\HPCommRecovery\HPCommRecovery.exe [44032 2016-03-02] (HP Inc.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
    R3 lmhosts; C:\WINDOWS\System32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
    R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
    S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [352104 2015-09-29] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
    S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
    R3 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
    S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
    R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
    R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
    R2 nsi; C:\WINDOWS\system32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
    R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498096 2017-09-20] (Sony Corporation)
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-08-23] (Intuit Inc.) [File not signed]
    R3 QuickBooksDB27; C:\Program Files (x86)\Intuit\QuickBooks 2017\QBDBMgrN.exe [814080 2016-08-23] (Intuit, Inc.)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1112720 2012-07-30] (Corel Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-23] (Realtek Semiconductor)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
    S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3688336 2018-04-25] (Webroot)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1764296 2017-12-13] (Wacom Technology, Corp.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 amdkmdan; C:\WINDOWS\system32\DRIVERS\atikmnag.sys [20267024 2016-02-04] (Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [82704 2016-02-04] (Advanced Micro Devices, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-12-14] (Advanced Micro Devices)
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-06-14] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
    R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
    R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-04] (Realtek )
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-03-28] (Realsil Semiconductor Corporation)
    S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64A.sys [738328 2012-05-04] (eMPIA Technology, Inc.)
    S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64A.sys [1226136 2012-05-04] (eMPIA Technology, Inc.)
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
    S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [115192 2017-11-21] (Wacom Technology, Corp.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-04-25] (Webroot)
    R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [68896 2018-05-02] (Webroot)
    U0 SR; no ImagePath
    U2 srservice; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-14 18:51 - 2018-06-14 18:52 - 000042803 _____ C:\Users\Allen's PC\Downloads\FRST.txt
    2018-06-14 18:49 - 2018-06-14 18:49 - 002413056 _____ (Farbar) C:\Users\Allen's PC\Downloads\FRST64 (2).exe
    2018-06-14 18:44 - 2018-06-14 18:51 - 000000000 ____D C:\FRST
    2018-06-14 18:43 - 2018-06-14 18:43 - 002413056 _____ (Farbar) C:\Users\Allen's PC\Downloads\FRST64 (1).exe
    2018-06-14 18:42 - 2018-06-14 18:42 - 002413056 _____ (Farbar) C:\Users\Allen's PC\Downloads\FRST64.exe
    2018-06-14 06:11 - 2018-06-14 06:11 - 000000000 ___HD C:\OneDriveTemp
    2018-06-13 16:27 - 2018-06-13 16:29 - 000000211 _____ C:\Users\Allen's PC\Desktop\Blue Cross Connect Physicians.url
    2018-06-13 15:03 - 2018-06-13 15:03 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\GoToAssist Remote Support Customer
    2018-06-11 15:48 - 2018-06-11 15:48 - 000000017 _____ C:\Users\Allen's PC\AppData\Local\resmon.resmoncfg
    2018-06-09 15:12 - 2018-06-09 15:12 - 000000779 _____ C:\Users\Allen's PC\Documents\Pictures - Shortcut.lnk
    2018-06-09 14:55 - 2018-06-09 14:55 - 000000843 _____ C:\Users\Allen's PC\Documents\Creative Cloud Files - Shortcut.lnk
    2018-06-09 08:56 - 2018-06-09 08:57 - 000000000 ___HD C:\adobeTemp
    2018-06-07 21:36 - 2018-06-07 21:36 - 000000000 ____D C:\Users\Allen's PC\AppData\Roaming\ATI
    2018-06-07 21:36 - 2018-06-07 21:36 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\ATI
    2018-06-07 21:36 - 2018-06-07 21:36 - 000000000 ____D C:\ProgramData\ATI
    2018-06-06 14:14 - 2018-06-06 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2018-06-04 05:18 - 2018-06-04 05:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2018-06-04 05:18 - 2018-06-04 05:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2018-06-04 05:18 - 2018-06-04 05:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2018-06-04 05:18 - 2018-06-04 05:18 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2018-06-03 10:08 - 2018-06-03 10:08 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2018-06-03 10:08 - 2018-06-03 10:08 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2018-06-03 10:03 - 2018-06-03 10:03 - 000000000 ____D C:\WINDOWS\PCHEALTH
    2018-05-29 21:11 - 2018-05-29 21:11 - 000497658 _____ C:\Users\Allen's PC\Documents\Shemya Diploma.pdf
    2018-05-28 20:53 - 2018-06-13 12:11 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\D3DSCache
    2018-05-27 08:56 - 2018-05-27 16:57 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\PlaceholderTileLogoFolder
    2018-05-27 08:17 - 2018-05-27 08:17 - 000001417 _____ C:\Users\Allen's PC\Desktop\Microsoft Edge.lnk
    2018-05-27 08:17 - 2018-05-27 08:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-05-27 08:14 - 2018-05-27 08:14 - 000000020 ___SH C:\Users\Allen's PC\ntuser.ini
    2018-05-27 08:12 - 2018-06-14 06:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-05-27 08:11 - 2018-05-27 08:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-05-27 08:06 - 2018-05-27 08:11 - 000011433 _____ C:\WINDOWS\diagwrn.xml
    2018-05-27 08:06 - 2018-05-27 08:11 - 000011433 _____ C:\WINDOWS\diagerr.xml
    2018-05-27 07:44 - 2018-05-27 07:44 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-05-27 07:39 - 2018-06-14 06:11 - 000000000 ____D C:\Users\Allen's PC
    2018-05-27 07:39 - 2018-06-14 06:01 - 000000000 ____D C:\Users\QBDataServiceUser27.AALLEN
    2018-05-27 07:39 - 2018-06-05 10:34 - 000002385 _____ C:\Users\Allen's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-05-27 07:39 - 2018-05-27 07:51 - 000000000 ____D C:\Users\Allen's PC\Documents\hp.system.package.metadata
    2018-05-27 07:39 - 2016-10-13 04:43 - 000000000 ____D C:\Users\Allen's PC\Documents\hp.applications.package.appdata
    2018-05-27 07:38 - 2018-06-14 06:04 - 000931380 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-05-27 06:30 - 2018-05-27 06:33 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2018-05-27 06:27 - 2018-05-27 06:27 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2018-05-27 06:27 - 2018-05-27 06:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-05-27 06:27 - 2018-05-27 06:27 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-05-27 06:26 - 2018-05-27 06:26 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-05-27 06:26 - 2018-05-27 06:26 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2018-05-27 06:26 - 2018-05-27 06:26 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2018-05-27 06:26 - 2018-05-27 06:26 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-05-27 06:26 - 2018-05-27 06:26 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-05-27 06:26 - 2018-05-27 06:26 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
    2018-05-27 06:22 - 2018-05-27 06:42 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-05-27 06:22 - 2018-05-27 06:22 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-05-27 06:22 - 2018-05-27 06:22 - 000000000 ____D C:\Program Files\MSBuild
    2018-05-27 06:22 - 2018-05-27 06:22 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-05-27 06:22 - 2018-05-27 06:22 - 000000000 ____D C:\inetpub
    2018-05-27 06:21 - 2018-05-27 06:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2018-05-27 06:21 - 2018-05-27 06:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2018-05-27 06:21 - 2018-05-27 06:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 06:21 - 2018-05-27 06:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2018-05-27 06:21 - 2018-05-27 06:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2018-05-27 06:21 - 2018-05-27 06:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2018-05-27 06:20 - 2018-05-27 06:20 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-05-27 06:20 - 2018-05-27 06:20 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-05-27 06:20 - 2018-05-27 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
    2018-05-27 06:20 - 2018-05-27 06:20 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
    2018-05-27 06:20 - 2018-05-27 06:20 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
    2018-05-27 06:20 - 2018-05-27 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
    2018-05-27 06:20 - 2018-05-27 06:20 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
    2018-05-27 06:20 - 2018-05-27 06:20 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
    2018-05-27 03:47 - 2018-05-27 03:47 - 000000000 ____D C:\ProgramData\USOShared
    2018-05-27 03:46 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2018-05-27 03:44 - 2018-06-14 18:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-05-27 03:44 - 2018-05-27 07:47 - 000579288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-05-25 15:36 - 2018-05-25 15:37 - 000000226 _____ C:\Users\Allen's PC\Desktop\Charles Wudtee Photography.url
    2018-05-19 06:51 - 2018-05-27 08:13 - 000000000 ___DC C:\WINDOWS\Panther
    2018-05-16 06:41 - 2018-05-16 06:41 - 000000072 ___SH C:\bootTel.dat
    2018-05-16 06:41 - 2018-05-16 06:41 - 000000000 __SHD C:\found.000
    2018-05-15 10:27 - 2018-05-15 10:27 - 4071240625 _____ C:\WINDOWS\MEMORY.DMP

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-14 18:37 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-06-14 18:37 - 2017-05-04 09:59 - 000000000 ____D C:\Users\Allen's PC\AppData\Roaming\WTablet
    2018-06-14 06:21 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-06-14 06:16 - 2018-02-13 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2018-06-14 06:13 - 2017-06-25 13:34 - 000000000 ____D C:\Users\Allen's PC\AppData\Temp
    2018-06-14 06:13 - 2017-02-06 19:43 - 000000000 ___RD C:\Users\Allen's PC\Creative Cloud Files
    2018-06-14 06:13 - 2017-02-06 18:37 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\Adobe
    2018-06-14 06:11 - 2016-08-14 16:33 - 000000000 ___RD C:\Users\Allen's PC\OneDrive
    2018-06-14 06:04 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2018-06-14 06:00 - 2017-11-24 08:33 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-06-14 06:00 - 2017-01-19 17:16 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2018-06-14 06:00 - 2017-01-19 17:16 - 000230592 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2018-06-13 21:19 - 2018-02-04 11:18 - 000000000 ____D C:\Users\Allen's PC\Desktop\Resumes
    2018-06-13 15:55 - 2017-11-11 01:01 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-06-13 05:42 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-06-12 23:07 - 2016-10-13 04:31 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-06-12 22:17 - 2018-02-13 20:10 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\Packages
    2018-06-12 07:40 - 2017-01-19 17:15 - 000000000 ____D C:\ProgramData\WRData
    2018-06-11 18:31 - 2016-10-13 04:56 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\ConnectedDevicesPlatform
    2018-06-11 16:35 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-06-11 11:02 - 2016-08-21 11:25 - 000000000 ____D C:\Users\Allen's PC\Documents\Outlook Files
    2018-06-10 19:31 - 2018-02-13 22:58 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\PackageStaging
    2018-06-10 07:15 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-06-10 07:11 - 2018-03-14 21:42 - 000000000 ____D C:\Users\Allen's PC\AppData\Roaming\AppSync
    2018-06-09 07:53 - 2017-06-30 06:50 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-251725971-1601566599-338782807-1001.job
    2018-06-09 07:53 - 2017-06-30 06:50 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-251725971-1601566599-338782807-1001.job
    2018-06-09 06:51 - 2017-07-09 02:49 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\GoToMeeting
    2018-06-07 19:24 - 2016-05-27 20:06 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-06-06 14:16 - 2016-05-27 17:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2018-06-05 18:29 - 2018-04-11 18:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-06-05 18:29 - 2018-04-11 18:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-06-05 11:39 - 2015-10-30 02:24 - 000000199 _____ C:\WINDOWS\win.ini
    2018-06-03 11:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2018-05-30 07:27 - 2018-03-26 23:18 - 000000232 _____ C:\Users\Allen's PC\Desktop\MUSIC DOWNLOAD.url
    2018-05-29 06:53 - 2017-08-31 05:46 - 000000174 _____ C:\Users\Allen's PC\Desktop\CHASE BANK.url
    2018-05-28 16:34 - 2018-02-15 10:21 - 000000188 _____ C:\Users\Allen's PC\Desktop\Hootsuite.url
    2018-05-28 16:34 - 2017-09-20 17:24 - 000000186 _____ C:\Users\Allen's PC\Desktop\Hotmail.url
    2018-05-28 16:33 - 2017-02-22 14:41 - 000000180 _____ C:\Users\Allen's PC\Desktop\Yahoo Mail.url
    2018-05-28 06:43 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\appcompat
    2018-05-27 11:15 - 2017-02-02 21:17 - 000000190 _____ C:\Users\Allen's PC\Desktop\jaallen photography.com.url
    2018-05-27 10:27 - 2017-02-23 13:26 - 000002124 __RSH C:\ProgramData\ntuser.pol
    2018-05-27 08:19 - 2017-03-08 23:50 - 000000000 ____D C:\Users\Allen's PC\AppData\Local\Amazon Music
    2018-05-27 08:14 - 2017-03-16 21:31 - 000000000 ___RD C:\Users\Allen's PC\3D Objects
    2018-05-27 08:14 - 2015-11-02 13:02 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-05-27 08:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
    2018-05-27 07:58 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-05-27 07:56 - 2016-10-13 04:48 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2018-05-27 07:46 - 2017-03-08 23:51 - 000000000 ____D C:\Users\Allen's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
    2018-05-27 07:38 - 2016-10-13 04:33 - 000888618 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2018-05-27 06:43 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2018-05-27 06:43 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2018-05-27 06:42 - 2018-04-11 18:41 - 000000000 ____D C:\WINDOWS\Setup
    2018-05-27 06:42 - 2018-04-11 18:38 - 000000000 __RHD C:\Users\Public\Libraries
    2018-05-27 06:42 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\spool
    2018-05-27 06:42 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-05-27 06:42 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-05-27 06:42 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2018-05-27 06:42 - 2018-01-19 23:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
    2018-05-27 06:42 - 2018-01-04 08:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
    2018-05-27 06:42 - 2017-12-21 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechUtilities
    2018-05-27 06:42 - 2017-12-14 17:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
    2018-05-27 06:42 - 2017-12-14 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boris FX Continuum CYBERLINK
    2018-05-27 06:42 - 2017-11-24 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-05-27 06:42 - 2017-10-29 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
    2018-05-27 06:42 - 2017-07-07 14:19 - 000000000 ____D C:\Program Files\UNP
    2018-05-27 06:42 - 2017-06-25 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    2018-05-27 06:42 - 2017-06-10 07:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-05-27 06:42 - 2017-03-16 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2018-05-27 06:42 - 2017-03-16 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2018-05-27 06:42 - 2017-03-08 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
    2018-05-27 06:42 - 2017-02-25 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
    2018-05-27 06:42 - 2017-02-06 20:00 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2018-05-27 06:42 - 2017-01-26 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
    2018-05-27 06:42 - 2017-01-19 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2018-05-27 06:42 - 2016-10-27 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Easy VHS to DVD 3
    2018-05-27 06:42 - 2016-10-13 04:31 - 000000000 ____D C:\Program Files\AMD
    2018-05-27 06:42 - 2016-08-14 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development
    2018-05-27 06:42 - 2016-08-14 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2018-05-27 06:42 - 2016-05-27 19:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2018-05-27 06:42 - 2016-05-27 19:45 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2018-05-27 06:42 - 2016-05-27 19:45 - 000000000 ____D C:\Program Files (x86)\Intel
    2018-05-27 06:42 - 2016-05-27 19:44 - 000000000 ____D C:\Program Files\Intel
    2018-05-27 06:42 - 2016-05-27 17:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2018-05-27 06:42 - 2015-10-30 04:05 - 000000000 ____D C:\WINDOWS\ShellNew
    2018-05-27 06:42 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2018-05-27 06:34 - 2016-10-13 04:30 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
    2018-05-27 06:33 - 2017-06-25 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ovt
    2018-05-27 06:33 - 2017-03-13 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2018-05-27 06:33 - 2017-03-08 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
    2018-05-27 06:33 - 2016-10-13 04:31 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
    2018-05-27 06:33 - 2016-10-13 04:30 - 000000000 ____D C:\Program Files\Realtek
    2018-05-27 06:28 - 2018-04-12 04:37 - 000000000 ____D C:\WINDOWS\Containers
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2018-05-27 06:28 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-05-27 06:28 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-05-27 06:22 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2018-05-27 06:22 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2018-05-27 06:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
    2018-05-27 03:47 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-05-27 03:47 - 2016-10-13 04:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2018-05-27 03:46 - 2016-10-13 04:30 - 000001863 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control Panel.lnk
    2018-05-27 03:46 - 2016-10-13 04:30 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2018-05-26 17:02 - 2017-03-08 23:51 - 000001291 _____ C:\Users\Allen's PC\Desktop\Amazon Music.lnk
    2018-05-25 15:43 - 2017-01-31 15:57 - 000000179 _____ C:\Users\Allen's PC\Desktop\Facebook.url
    2018-05-25 07:40 - 2016-05-27 17:04 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2018-05-25 07:40 - 2016-05-27 17:04 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2018-05-17 06:29 - 2018-03-20 11:22 - 003239455 _____ C:\Users\Allen's PC\Documents\Crew Label.pra
    2018-05-16 20:57 - 2017-11-11 00:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2017-01-26 19:51 - 2017-01-26 19:53 - 000035114 _____ () C:\Program Files (x86)\DLS8Uninstall.log
    2017-01-19 17:17 - 2017-04-19 23:24 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2017-04-16 11:31 - 2017-04-16 11:31 - 000000112 _____ () C:\Users\Allen's PC\AppData\Roaming\JP2K CS6 Prefs
    2018-06-11 15:48 - 2018-06-11 15:48 - 000000017 _____ () C:\Users\Allen's PC\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD. The user is not administrator

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
    Ran by Allen's PC (14-06-2018 18:53:13)
    Running from C:\Users\Allen's PC\Downloads
    Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-27 13:13:43)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-251725971-1601566599-338782807-500 - Administrator - Disabled)
    Allen's PC (S-1-5-21-251725971-1601566599-338782807-1001 - Limited - Enabled) => C:\Users\Allen's PC
    DefaultAccount (S-1-5-21-251725971-1601566599-338782807-503 - Limited - Disabled)
    Guest (S-1-5-21-251725971-1601566599-338782807-501 - Limited - Disabled)
    QBDataServiceUser27 (S-1-5-21-251725971-1601566599-338782807-1004 - Limited - Enabled) => C:\Users\QBDataServiceUser27.AALLEN
    WDAGUtilityAccount (S-1-5-21-251725971-1601566599-338782807-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-c7cbe862-92de-42d8-9bc7-226487b03e4b) (Version: 3.0.2.118 - WildTangent) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_0_1) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
    Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_1) (Version: 7.1 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
    Amazon Music (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Amazon Amazon Music) (Version: 6.6.1.1350 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{5236F20D-A975-7092-7EFB-8EDFC64046E7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: - ArcSoft)
    Awakening: The Dreamless Castle (HKLM-x32\...\WTA-bfc42a35-bffe-45ee-9512-171f2e9f1756) (Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (HKLM-x32\...\WTA-f2762fcc-5e44-40fb-81a3-7833747d094e) (Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (HKLM-x32\...\WTA-e6b02e6d-2e17-4e45-8fe3-a26a8aea0e96) (Version: 3.0.2.48 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Boris FX Continuum Plug-ins 11 for Cyberlink (HKLM\...\{7E607B62-1788-40CB-BADB-DC1511627F6C}_is1) (Version: - Boris FX, Inc.)
    Canon SELPHY CP1200 (HKLM\...\Canon SELPHY CP1200) (Version: 1.1.0.1 - Canon INC.)
    Cisco WebEx Meetings (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.)
    CRS Photo Scanner (HKLM-x32\...\{93B8C73B-C8FB-4B60-A22E-1C40AE661AB7}) (Version: 1.00.0000 - OVT)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6307 - CyberLink Corp.)
    CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2003.0 - CyberLink Corp.)
    CyberLink PowerDirector 16 (HKLM-x32\...\{EE9EC028-49D2-4349-B0A3-9B2E752A4958}) (Version: 16.0.2101.0 - CyberLink Corp.)
    CyberLink PowerDirector Content Pack Essential (HKLM-x32\...\{F2D0453E-3783-490D-9D48-7CC648C4ADFB}) (Version: 1.0 - CyberLink Corp.)
    CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
    Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-9fbca15a-32f0-49ed-9c4b-ae5eaac6cfea) (Version: 3.0.2.59 - WildTangent) Hidden
    DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B2}) (Version: 1.00.0000 - Sonic Solutions) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
    DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (HKLM-x32\...\WTA-d74ac5b9-cc09-461a-ab84-1f6c330b291b) (Version: 3.0.2.59 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
    GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
    Green City: Go South (HKLM-x32\...\WTA-3e67d843-c691-412e-9524-e692e362b0f5) (Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (HKLM-x32\...\WTA-890a8713-5295-4969-9b84-75e0da5cc146) (Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-9363b3e8-4f10-4338-95d5-eb03d733a294) (Version: 3.0.2.59 - WildTangent) Hidden
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP)
    HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
    HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{FD93EB2A-3768-4B16-BDDF-3E2F5667A0A0}) (Version: 38.1.1881.57490 - HP Inc.)
    HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.7.22.13 - HP)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
    IGT Slots Fire Rubies (HKLM-x32\...\WTA-286c4edb-6ef4-4aef-8dbf-0506e704009d) (Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-c1dc01af-8197-4881-9970-3b421e75ffcd) (Version: 3.0.2.59 - WildTangent) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    Jewel Match Snowscapes (HKLM-x32\...\WTA-d9e71c16-edcb-459e-8fa9-9ba9d059daf4) (Version: 3.0.2.118 - WildTangent) Hidden
    Little Boy: Walter's Scooter (HKLM-x32\...\WTA-e04ac3a7-bfcd-445c-ae0c-1521769cab30) (Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-bb50046d-8b83-44f5-8efa-12d86ced168b) (Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (HKLM-x32\...\WTA-7f6eca51-03ae-4455-aefe-2a9d83d65098) (Version: 3.0.2.59 - WildTangent) Hidden
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-3e1e5214-3edf-4d8e-a889-afa8da3713c4) (Version: 3.0.2.59 - WildTangent) Hidden
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.179 - McAfee, Inc.)
    MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
    MergeModule_x86 (HKLM-x32\...\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}) (Version: 10.5.00 - Sony Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
    NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
    NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
    NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
    NRDS_Win (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\NRDS_Win) (Version: - )
    Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden
    Paradiskus (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Paradiskus) (Version: 964.0.0 - Paradiskus)
    Plagiarii (HKLM-x32\...\WTA-745a7a1f-31cc-4d2a-a238-134783e9ce43) (Version: 3.0.2.59 - WildTangent) Hidden
    PlayMemories Home (HKLM-x32\...\{D3981248-DBE7-4050-B666-A7FE5AFFC62C}) (Version: 5.5.00.09202 - Sony Corporation)
    PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (HKLM-x32\...\{7D3A0097-9E0E-4073-801C-295BBDAEAED8}) (Version: 10.5.00 - Sony Corporation) Hidden
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-6d366a42-680f-4ec4-afe5-63ab02ec6ff1) (Version: 3.0.2.59 - WildTangent) Hidden
    Print Artist Platinum 24 (HKLM-x32\...\{7568CBAC-FC7F-4EE9-8CAC-B4274FC93B4E}) (Version: 24.0.0.36 - Nova Development)
    proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.115.3 - proDAD GmbH)
    proDAD Vitascene 2.0 (HKLM-x32\...\proDAD-Vitascene-2.0) (Version: 2.0.243 - proDAD GmbH)
    Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{61812F25-2589-498B-AED9-40CBC641247E}) (Version: 38.1.1881.57490 - HP Inc.)
    PuppetShow: Return to Joyville (HKLM-x32\...\WTA-939f74e6-2e98-4f1f-afbc-4bd6164f06f7) (Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (HKLM-x32\...\WTA-3efafa27-e934-4267-8546-90e7a14c76d6) (Version: 3.0.2.59 - WildTangent) Hidden
    QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4001.2702 - Intuit Inc.) Hidden
    QuickBooks Pro 2017 (HKLM-x32\...\{82F55A7D-6BEB-436B-A1DC-586E113782D7}) (Version: 27.0.4001.2702 - Intuit Inc.)
    QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7770 - Realtek Semiconductor Corp.)
    Regency Solitaire (HKLM-x32\...\WTA-9ddc8205-36bc-47ed-964e-23726fb5ac1a) (Version: 3.0.2.126 - WildTangent) Hidden
    Roxio Easy VHS to DVD 3 (HKLM-x32\...\{01EA1B5D-04A2-45BD-83BD-488D6EB7B942}) (Version: 3.0 - Roxio)
    Runefall (HKLM-x32\...\WTA-2ead1eb7-6645-451f-bec6-08a3a87a5196) (Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (HKLM-x32\...\WTA-fd839947-1ec8-4347-8574-d85e253b0427) (Version: 3.0.2.59 - WildTangent) Hidden
    Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sky High Farm (HKLM-x32\...\WTA-ead2b444-17e4-404c-82c6-96736ede48cf) (Version: 3.0.2.59 - WildTangent) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
    Smilebox (HKU\S-1-5-21-251725971-1601566599-338782807-1001\...\Smilebox) (Version: - )
    Tasty Blue (HKLM-x32\...\WTA-134ecbde-07b8-4a41-b78d-0d35b4878b0f) (Version: 3.0.2.59 - WildTangent) Hidden
    TechUtilities (HKLM-x32\...\TechUtilities_is1) (Version: 2.0.3.9 - Seven Servos Software Pvt Ltd.)
    The Far Kingdoms (HKLM-x32\...\WTA-d8c2a1db-8d52-4b6b-9abf-4e84addf6e95) (Version: 1.1.2.4 - WildTangent) Hidden
    The Print Shop 3.0 Deluxe (HKLM-x32\...\{49B3B2D8-3429-492D-BAB5-5542048D5030}) (Version: 3.0.6 - Encore)
    The Print Shop 3.0 Fonts (HKLM-x32\...\{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}) (Version: 1.0 - Encore)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.27-2 - Wacom Technology Corp.)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.20.31 - Webroot)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.2 - WildTangent) Hidden
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-251725971-1601566599-338782807-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C7D22F76FD9}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-251725971-1601566599-338782807-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Allen's PC\AppData\Local\GoToMeeting\7468\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-251725971-1601566599-338782807-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)
    ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)
    ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)
    ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {062405CC-AC00-4770-98FD-A03F5D2F7D63} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {062405CC-AC00-4770-98FD-A03F5D2F7D63} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-09-23] (McAfee, Inc.)
    ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-12-22] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-09-23] (McAfee, Inc.)
    ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-06-14] (Webroot)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => <==== ATTENTION
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => <==== ATTENTION
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-251725971-1601566599-338782807-1001.job => C:\Users\Allen's PC\AppData\Local\GoToMeeting\8953\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-251725971-1601566599-338782807-1001.job => C:\Users\Allen's PC\AppData\Local\GoToMeeting\8953\g2mupload.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Allen's PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

    ==================== Loaded Modules (Whitelisted) ==============

    2017-05-04 09:59 - 2017-12-13 13:49 - 002288072 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2017-09-26 03:52 - 2018-02-27 20:08 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-04-22 07:46 - 2018-04-22 07:47 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-05-22 07:43 - 2018-05-22 07:44 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-05-22 07:43 - 2018-05-22 07:44 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-05-22 07:43 - 2018-05-22 07:44 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-05-22 07:43 - 2018-05-22 07:44 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-05-22 07:43 - 2018-05-22 07:44 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-05-04 19:18 - 2018-05-04 19:18 - 035477440 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
    2018-05-19 09:24 - 2018-05-19 09:27 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-05-08 05:49 - 2018-05-08 05:50 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-06-08 20:58 - 2018-06-08 21:03 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-06-08 20:58 - 2018-06-08 21:03 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2018-02-13 23:29 - 2018-02-13 23:37 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-05-03 13:19 - 2018-05-03 13:24 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-03-30 05:20 - 2018-03-30 05:24 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-06-08 20:58 - 2018-06-08 21:03 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-06-08 20:58 - 2018-06-08 21:03 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
    2018-05-30 07:28 - 2018-05-30 07:32 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-03-30 05:20 - 2018-03-30 05:24 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2018-06-08 20:58 - 2018-06-08 21:03 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
    2018-06-01 13:10 - 2018-06-01 13:11 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-05-23 07:48 - 2018-05-23 07:48 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-05-23 07:48 - 2018-05-23 07:48 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2018-04-07 06:43 - 2018-04-07 06:43 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
    HKU\S-1-5-21-251725971-1601566599-338782807-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-251725971-1601566599-338782807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen's PC\Pictures\2016-12-02 23.37.57.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{430D2DF0-A9E5-4A85-B4E6-FB959617C120}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{B8309D94-E3EA-416D-B7C8-DBA722B2C3AB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{5F7CBCD6-2FA0-4B00-8906-86350D63FB9D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{C0776B3F-887D-4AEB-8009-8C1C059AB80F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{52AB0CB5-7D27-4C9B-A584-B2123DE44AB8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{F6AD8E6F-9FAB-402D-91F9-5FDAA1E0ABB5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{96E5068C-F95E-41B9-BD5B-2D6140F455CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{A2F5B1CC-93FC-4C28-911B-2C7A19C3175C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{49C4901A-18D8-4705-9B4D-89121500EFE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F9CDA210-6423-4528-AAC4-10E2201FE538}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7C3ADB0E-19F6-4C2F-BFBD-BB9433EC147C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{3E32C40C-5C80-4AF4-BBCA-89E76CC799E7}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE
    FirewallRules: [TCP Query User{D3A9340F-CEE5-4F1A-8F9A-012C14CC3108}C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [UDP Query User{1810875F-3B03-4626-B84D-265945DDAF01}C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [{93AD8C6E-75DC-4D11-9997-5D479FD450A7}] => (Allow) C:\Users\Allen's PC\AppData\Local\Temp\7zS2235\HP.EasyStart.exe
    FirewallRules: [{E56DCEE2-2A8A-4EB6-9DF3-2F882C770004}] => (Allow) C:\Users\Allen's PC\AppData\Local\Temp\7zS4CED\HP.EasyStart.exe
    FirewallRules: [{65E268F5-11B8-4C99-9A84-72EF7F4A3D9A}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe
    FirewallRules: [{86C48F3B-27E1-4D08-A931-ED56D1C84B7C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe
    FirewallRules: [{98E78A30-AB3F-47F6-8EF6-084B262760F9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe
    FirewallRules: [{A36D0CE5-7914-4BF1-92CA-1C0237BA94E7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe
    FirewallRules: [{F888143C-F653-4029-95BD-12F623FD3223}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe
    FirewallRules: [{D358E87B-208A-4F2E-BEF2-302080A72E75}] => (Allow) LPort=5357
    FirewallRules: [{51C3A27E-D040-4AB9-A2A6-30BB515B779C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{BAD63FFE-35AA-4CA4-A741-29AE4E86B221}C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [UDP Query User{8C5A0565-65AF-4F22-AC07-977D38BF4EBF}C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen's pc\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [{F4CECC5F-F68C-42F4-8BED-DD86E4CC1F77}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0C028F93-B1F5-43D7-909A-48DAF438622D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0781293C-0CCA-415E-85A9-54B72C177F53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4736CB50-FFE7-4896-B2D4-71A4134011E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6A726B98-A3F3-4C8E-9016-1483304B1537}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6C70EAF8-859A-463F-87AA-8875E7598FB5}] => (Allow) C:\Program Files\CyberLink\PowerDirector16\PDR10.EXE
    FirewallRules: [{B15DCBB0-E2B1-438E-A1BF-697DA7E05CDC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{9759D0E6-05ED-4CC7-AA87-3DB9D166D29C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/13/2018 07:16:37 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HxOutlook.exe, version: 16.0.9330.2091, time stamp: 0x5b05fea1
    Faulting module name: Mso20Imm.dll, version: 16.0.9330.2091, time stamp: 0x5b049ba2
    Exception code: 0xc0000005
    Fault offset: 0x000000000005fd54
    Faulting process id: 0xb04
    Faulting application start time: 0x01d4030bbd4e33a4
    Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\Mso20Imm.dll
    Report Id: eb7916d5-2ecb-4193-8b4f-4de51b1089e3
    Faulting package full name: microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: microsoft.windowslive.mail

    Error: (06/12/2018 10:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettings.exe, version: 10.0.17134.1, time stamp: 0x2a3c4e62
    Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0x207580e2
    Exception code: 0xc0000409
    Fault offset: 0x000000000008aa2f
    Faulting process id: 0x4b54
    Faulting application start time: 0x01d4027bd6b7b9e3
    Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: e294930a-a244-427d-954f-9fbb520943e5
    Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

    Error: (06/12/2018 09:46:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 475c

    Start Time: 01d4024ec76fbb5d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

    Report Id: 227d9eaa-78dd-4f25-9c65-71272d3f1b17

    Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Error: (06/11/2018 12:22:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Setup.exe_InstallShield, version: 12.0.0.58849, time stamp: 0x45b1a378
    Faulting module name: ISRT.dll_unloaded, version: 12.0.0.58849, time stamp: 0x45b1a352
    Exception code: 0xc000041d
    Fault offset: 0x00043b70
    Faulting process id: 0x5ca4
    Faulting application start time: 0x01d401a8c8c20d7c
    Faulting application path: E:\Windows_OS\Driver\Setup.exe
    Faulting module path: ISRT.dll
    Report Id: d7fc0eb0-673b-4b53-a699-d5946a69391b
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/11/2018 12:22:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Setup.exe_InstallShield, version: 12.0.0.58849, time stamp: 0x45b1a378
    Faulting module name: ISRT.dll_unloaded, version: 12.0.0.58849, time stamp: 0x45b1a352
    Exception code: 0xc0000005
    Fault offset: 0x00043b70
    Faulting process id: 0x5ca4
    Faulting application start time: 0x01d401a8c8c20d7c
    Faulting application path: E:\Windows_OS\Driver\Setup.exe
    Faulting module path: ISRT.dll
    Report Id: 33a39e79-c87e-43bd-9761-c998a5ffd3a1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/11/2018 11:01:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Setup.exe_InstallShield, version: 12.0.0.58849, time stamp: 0x45b1a378
    Faulting module name: ISRT.dll_unloaded, version: 12.0.0.58849, time stamp: 0x45b1a352
    Exception code: 0xc000041d
    Fault offset: 0x00043b70
    Faulting process id: 0x1a1c
    Faulting application start time: 0x01d4019d689ec517
    Faulting application path: E:\Windows_OS\Driver\Setup.exe
    Faulting module path: ISRT.dll
    Report Id: 316b7dea-33df-4336-9b3e-8c370ddd7a0a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/11/2018 11:01:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Setup.exe_InstallShield, version: 12.0.0.58849, time stamp: 0x45b1a378
    Faulting module name: ISRT.dll_unloaded, version: 12.0.0.58849, time stamp: 0x45b1a352
    Exception code: 0xc0000005
    Fault offset: 0x00043b70
    Faulting process id: 0x1a1c
    Faulting application start time: 0x01d4019d689ec517
    Faulting application path: E:\Windows_OS\Driver\Setup.exe
    Faulting module path: ISRT.dll
    Report Id: 74b19f38-985d-4b6e-aad9-48b89dd37afc
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/11/2018 11:00:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Setup.exe_InstallShield, version: 12.0.0.58849, time stamp: 0x45b1a378
    Faulting module name: ISRT.dll_unloaded, version: 12.0.0.58849, time stamp: 0x45b1a352
    Exception code: 0xc000041d
    Fault offset: 0x00043b70
    Faulting process id: 0x51a8
    Faulting application start time: 0x01d4019d2ecad1d2
    Faulting application path: E:\Windows_OS\Driver\Setup.exe
    Faulting module path: ISRT.dll
    Report Id: a4f3e645-83c2-4b7b-8b30-3ba47197cb4c
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (06/14/2018 06:38:00 PM) (Source: DCOM) (EventID: 10016) (User: AALLEN)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user AALLEN\Allen's PC SID (S-1-5-21-251725971-1601566599-338782807-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2018 06:37:37 PM) (Source: DCOM) (EventID: 10001) (User: AALLEN)
    Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca as Unavailable/Unavailable. The error:
    "0"
    Happened while starting this command:
    "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

    Error: (06/14/2018 06:11:36 AM) (Source: DCOM) (EventID: 10001) (User: AALLEN)
    Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca as Unavailable/Unavailable. The error:
    "0"
    Happened while starting this command:
    "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

    Error: (06/14/2018 06:11:35 AM) (Source: DCOM) (EventID: 10001) (User: AALLEN)
    Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca as Unavailable/Unavailable. The error:
    "298"
    Happened while starting this command:
    "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

    Error: (06/14/2018 06:11:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2018 06:11:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2018 06:00:09 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:18:29 PM on ‎6/‎13/‎2018 was unexpected.

    Error: (06/14/2018 05:59:41 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 3221225684A fatal error occurred processing the restoration data.


    CodeIntegrity:
    ===================================

    Date: 2018-06-14 06:31:51.636
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsMntNtf6.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.196
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.181
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.165
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.150
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.132
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.117
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-14 06:31:51.101
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
    Percentage of memory in use: 47%
    Total physical RAM: 7096.84 MB
    Available physical RAM: 3744.57 MB
    Total Virtual: 14776.84 MB
    Available Virtual: 9580.7 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:912.8 GB) (Free:775.14 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:17.48 GB) (Free:11.72 GB) NTFS

    \\?\Volume{31b9d254-ef65-4488-810c-362e0742fc49}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.55 GB) NTFS
    \\?\Volume{91d17a5a-2e39-4bd4-9eba-b8f70485a786}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi aallen,

    Weren't not going to be able to do much here since your acct has limited privileges. Let's see if we can enable the hidden administrator's acct.

    Click >>here<< and scroll down to where it says:

    Method 2 of 3

    Enable the hidden administrator account


    Please follow those instructions. I am hoping you will not need to be in an Admin acct to accomplish this task though I have a feeling you might need to be. If you are successful, please provide a fresh FRST scan for me to see using the Admin acct.

    Fingers crossed...
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member
    Join Date
    Feb 2007
    Posts
    25
    Points
    1

    Default

    Unable to enable this account. Access denied.

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Do you have the USB recovery media?

    How about a USB flash drive? It should be one that is blank.

    Let's try the following. If this does not work

    [img=http://i.imgur.com/iO3R662.png]Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
    Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

    Preparing the USB Flash Drive
    • Download the 64-bit version of FarbarRecoveryScanTool from >>HERE<<[/*]
    • Move the executable FRST64.exe onto your USB Flash Drive[/*]
    • Download the attached fixlist.txt, and move it on your USB Flash Drive as well.[/*]



    Boot into the Recovery Environment

    Restart your infected computer. When you see the spinning circle of dots, press or continuously tap the F8 key. This should open the Choose an option screen as shown below. If it does not, see if you can get to the Choose an option another way:

    [img=http://www.online-tech-tips.com/wp-content/uploads/2008/06/recovery-options-windows.jpg]

    Click on Troubleshoot and you should see the Troubleshoot screen as shown below:

    [img=http://cdn5.howtogeek.com/wp-content/uploads/2012/03/509x500ximage33.png.pagespeed.ic.Ka8cTrg5bI.png]

    In the Troubleshoot screen, click on Advanced options and you should get the Advanced options screen as shown below:

    [img=http://cdn5.howtogeek.com/wp-content/uploads/2012/03/650x381ximage34.png.pagespeed.ic.J3Dk0QcKYa.png]

    On the Advanced Options screen click Command Prompt.
    You might need to choose a user account. Please do so and enter the password if necessary, otherwise leave the password field blank and click to continue. A black Command window will open.

    Next:


    Once in the command prompt
    • In the command window type notepad and press Enter on your keyboard.[/*]
    • Notepad will open. Click File at the top left in the menu bar followed by Open.[/*]
    • Click Computer/This PC, write down your USB drive letter on a piece of paper and close Notepad.[/*]
    • Next type x:\frst64.exe in the command window.
      • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.[/*]
    • Press Enter on your keyboard. The tool will start to run.[/*]
    • When the tool opens click Yes to the disclaimer.[/*]
    • Click Fix.[/*]
    • A log (Fixlog.txt) will be saved to your USB drive. Reboot your computer.Copy the contents of Fixlog.txt and paste in your next reply[/*]
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  7. #7
    Member
    Join Date
    Feb 2007
    Posts
    25
    Points
    1

    Default

    Donna,
    I tried running a fixlog but received the message: :No fixlist.txt found. The fixlist should be in the same folder/directory the tool is located." I am not sure if I know where to find the initial fixlist to save to my USB. Could I get instructions on how to get to the fixlist.txt I did run a scan from the notepad command prompt. The results are below.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
    Ran by SYSTEM on MININT-KG16ABQ (16-06-2018 17:19:18)
    Running from E:\
    Platform: WIN_10 (X64) Language: English (United States)
    Boot Mode: Recovery
    ATTENTION: Could not load system hive.
    ATTENTION: System hive is missing.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is missing.

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
    C:\Windows\explorer.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
    C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
    C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} IS MISSING <==== ATTENTION
    C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 7096.84 MB
    Available physical RAM: 6279.2 MB
    Total Virtual: 7096.84 MB
    Available Virtual: 6320.43 MB

    ==================== Drives ================================

    Drive d: (RECOVERY) (Fixed) (Total:17.48 GB) (Free:11.72 GB) NTFS
    Drive e: () (Removable) (Total:14.52 GB) (Free:14.5 GB) FAT32
    Drive g: (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.55 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

    \\?\Volume{91d17a5a-2e39-4bd4-9eba-b8f70485a786}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 973C63B3)

    Partition: GPT.

    ========================================================
    Disk: 1 (Protective MBR) (Size: 14.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of FRST.txt ============================

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    I am sorry aallen. I posted the above instructions right after I peeled myself out of bed. No fixlog was found because I provided no fixlog. I see that you were able to get into the system through the recovery and run a scan. That is a good thing.

    Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
    Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

    Boot into the Recovery Environment

    Restart your infected computer. When you see the spinning circle of dots, press or continuously tap the F8 key. This should open the Choose an option screen. If it does not, see if you can get to the Choose an option another way:

    How to Troubleshoot Windows 10 failure to boot using Recovery Environment


    Click on Troubleshoot and you should see a second Troubleshoot screen.

    In the second Troubleshoot screen, click on Advanced options and you should get the second Advanced options screen.

    On the Advanced Options screen click Command Prompt.
    You might need to choose a user account. Please do so and enter the password if necessary, otherwise leave the password field blank and click to continue. A black Command window will open.

    Next:

    Once in the command prompt

    • In the command window type chkdsk c: /r and press Enter on your keyboard.
    • Wait for it to complete and then try getting another log as you did in your last post by pressing the Scan button on the open FRST program.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  9. #9
    Member
    Join Date
    Feb 2007
    Posts
    25
    Points
    1

    Default

    Tried chkdsk c: /r a number of times but received message "The type of the file system is Raw. CHKDSK is not available for Raw drives." Changed to chkdsk e: /r. Don't know if this was the correct thing to do but ran a report from here. Results are here:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
    Ran by SYSTEM on MININT-50B6R5J (17-06-2018 16:11:58)
    Running from e:\
    Platform: WIN_10 (X64) Language: English (United States)
    Boot Mode: Recovery
    ATTENTION: Could not load system hive.
    ATTENTION: System hive is missing.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is missing.

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
    C:\Windows\explorer.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
    C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
    C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
    C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
    C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} IS MISSING <==== ATTENTION
    C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 7096.84 MB
    Available physical RAM: 6279.49 MB
    Total Virtual: 7096.84 MB
    Available Virtual: 6326.1 MB

    ==================== Drives ================================

    Drive d: (RECOVERY) (Fixed) (Total:17.48 GB) (Free:11.72 GB) NTFS
    Drive e: () (Removable) (Total:14.52 GB) (Free:14.5 GB) FAT32
    Drive g: (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.55 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

    \\?\Volume{91d17a5a-2e39-4bd4-9eba-b8f70485a786}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 973C63B3)

    Partition: GPT.

    ========================================================
    Disk: 1 (Protective MBR) (Size: 14.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of FRST.txt ============================

  10. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi aallen,

    This isn't looking very good. I am reaching out to one of my fellow associates for further advice.

    In the mean time please try the instructions for Method 1 of 3 in the following link which we used earlier. Boot into the recovery environment to access the command prompt there as you did for the chkdsk c: /r

    Enable the built-in administrator account in Windows 10

    May I ask...

    did you purchase this computer new out of the box? The reason I ask is because I don't understand why you do not have the administrators account that was/is created when you set up your new computer out of the box. Did you delete or change the acct to limited? This account creation information can be found in the first 2 paragraphs of the link I posted above.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

Page 1 of 2 12 LastLast