WiredWX Hobby Weather ToolsLog in

 

Cannot run FRST

Here is  Addition txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by joans (28-06-2018 14:01:00)
Running from C:\Users\joans\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-06-10 10:19:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3292101828-2372436370-1214882896-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3292101828-2372436370-1214882896-503 - Limited - Disabled)
Guest (S-1-5-21-3292101828-2372436370-1214882896-501 - Limited - Disabled)
joans (S-1-5-21-3292101828-2372436370-1214882896-1006 - Administrator - Enabled) => C:\Users\joans
PCPitstopSVC (S-1-5-21-3292101828-2372436370-1214882896-1007 - Administrator - Enabled) => C:\Users\PCPitstopSVC
WDAGUtilityAccount (S-1-5-21-3292101828-2372436370-1214882896-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Enabled - Up to date) {4FA50ECA-6D1E-553A-06EB-C13191BCA12A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PC Matic Super Shield (Enabled - Up to date) {F4C4EF2E-4B24-5AB4-3C5B-FA43EA3BEB97}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{657DF44E-16FB-46D9-A2E6-476E54F694D3}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{94EBC126-1FC8-4528-859F-591460B2E7C2}) (Version: 3.4.0.4 - Intel) Hidden
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{F46C91EA-16DE-46D6-BE3B-C94BDF641567}) (Version: 8.0.867.1 - Mythicsoft Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Athentech Perfectly Clear (HKLM\...\{20778D45-52FE-467E-B422-1D2097582A28}) (Version: 1.0.0.117 - Corel Corporation) Hidden
Athentech Perfectly Clear (HKLM-x32\...\_{5CF88B4A-5805-4F7C-B059-23C6C9D0604D}) (Version: 1.0.0.117 - Corel Corporation)
Athentech Perfectly Clear (HKLM-x32\...\{5CF88B4A-5805-4F7C-B059-23C6C9D0604D}) (Version: 1.0.0.117 - Corel Corporation) Hidden
Auto FX Free version 3.4.0 (HKLM-x32\...\{A5004993-D4BE-451E-AA5C-FA9058027930}_is1) (Version: 3.4.0 - Auto FX Software)
Belarc Advisor 8.6b (HKLM-x32\...\Belarc Advisor) (Version: 8.6.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Casper 8.0 (HKLM\...\{3EF580B0-E4FA-408E-A4A5-F20CAAD48B98}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
Corel KPT Collection (HKLM-x32\...\_{B16DC136-9583-4C54-BE27-F001BBC546B1}) (Version: 1.0.0.109 - Corel Corporation)
Corel KPT Collection (HKLM-x32\...\{B16DC136-9583-4C54-BE27-F001BBC546B1}) (Version: 1.0.0.109 - Corel Corporation) Hidden
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.3.0.30 - Corel Corporation)
Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\_{AA43E09C-5CFF-4879-B632-A112D6AD869B}) (Version: 1.0.0.114 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\{AA43E09C-5CFF-4879-B632-A112D6AD869B}) (Version: 1.0.0.114 - Corel Corporation) Hidden
Custom Variety Pack (HKLM\...\{ABE4D060-5260-453F-A742-933194AEB045}) (Version: 2.00.0004 - Auto FX Software)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.6008 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.6008 - CyberLink Corp.)
FaceFilter v3.02 Standard (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.1506.1 - Reallusion Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP Officejet 5740 series Basic Device Software (HKLM\...\{7FAA9D15-FF0B-4593-8D4A-0B941FD1977A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1037 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6136 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.8.0.1006 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel®️ Driver & Support Assistant (HKLM-x32\...\{917c2887-4ed0-4389-9b51-616905bcf34f}) (Version: 3.4.0.4 - Intel)
Intel®️ PROSet/Wireless Software (HKLM-x32\...\{fefa9370-e735-4821-9cbc-48bd843e7ac3}) (Version: 19.80.0 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.0.0.199 - Corel Corporation) Hidden
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
MadOnion.com/3DMark2001 SE (HKLM-x32\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version:  - )
Microsoft Office XP Standard (HKLM-x32\...\{91120409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3292101828-2372436370-1214882896-1006\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.8.0 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
Nero 7 Premium (HKLM-x32\...\{22FB6750-ADDF-4726-B67F-6901E1991033}) (Version: 7.03.0993 - Nero AG)
PC Matic 3.0.0.9 (HKLM-x32\...\PC Matic_is1) (Version: 3.0.0.9 - PC Pitstop LLC)
PC Matic Super Shield 3.0.4.0 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 3.0.4.0 - PC Pitstop)
PC Pitstop Info Center 1.0.0.19 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.19 - PC Pitstop LLC.)
PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.00.0000 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8237 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.0.0.199 - Corel Corporation) Hidden
Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.60 - Stardock Software, Inc.)
SupportAPP (HKLM\...\{0000A0AB-3A12-1EF4-A21C-9ADE1843AB04}) (Version: 1.1 - )
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Ultimate Creative Collection (X7) (HKLM-x32\...\_{3378B396-212B-4739-A8D0-71CD52F4568E}) (Version: 1.0.0.116 - Corel Corporation)
Ultimate Creative Collection (X7) (HKLM-x32\...\{3378B396-212B-4739-A8D0-71CD52F4568E}) (Version: 1.0.0.116 - Corel Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9929e26743d53831\igfxDTCM.dll [2018-06-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers2_S-1-5-21-3292101828-2372436370-1214882896-1006: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers4_S-1-5-21-3292101828-2372436370-1214882896-1006: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers5_S-1-5-21-3292101828-2372436370-1214882896-1006: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers6_S-1-5-21-3292101828-2372436370-1214882896-1006: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {176B22D1-5813-4638-92C8-B7E2C17D7832} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-09-12] (Future Systems Solutions, Inc.)
Task: {443A876C-9F1F-4D78-B702-8263809AA83C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {6371AF6F-7C01-4B15-B739-BE3494402430} - System32\Tasks\Future Systems Solutions\Casper\My System Drive Backup => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-09-12] (Future Systems Solutions, Inc.)
Task: {64C8CBDC-9110-4DEF-8C48-366CB8CD8BBB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7D32A83A-01C4-4E01-8718-93F12FE5426A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {80ED25E2-D9B9-4B3D-8887-FAE021D272E3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-10] (Adobe Systems Incorporated)
Task: {945F7C11-5278-4D8E-B602-AC61A127AD9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-06] (Google Inc.)
Task: {E6376B11-6CAB-4CA6-9E6C-5D0757FB9AA8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {E899175B-CC6F-4ED5-9403-572FB8E8022C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-06] (Google Inc.)
Task: {E939B08D-AD57-49A7-BBB7-10C1EEFAD530} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {EF41EFCE-9756-46BE-83D2-3718DF7E09C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2018-06-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-10 13:33 - 2017-05-26 06:47 - 000090096 _____ () C:\WINDOWS\System32\cpwmon64_v32.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000185064 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2018-04-12 09:34 - 2018-04-12 09:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 09:34 - 2018-04-12 09:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 09:34 - 2018-04-12 09:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-16 14:10 - 2018-06-08 18:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-10 12:57 - 2018-06-10 12:59 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-06-10 12:57 - 2018-06-10 12:59 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-10 12:57 - 2018-06-10 12:59 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-06-10 12:57 - 2018-06-10 12:59 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-06-10 12:57 - 2018-06-10 12:57 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2018-04-06 20:54 - 2018-04-06 20:54 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-04-06 20:54 - 2018-04-06 20:54 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2018-04-06 20:55 - 2018-04-06 20:55 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2018-06-06 11:19 - 2014-04-15 13:02 - 000524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2018-06-06 11:19 - 2018-06-23 10:32 - 000187136 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2017-07-18 03:30 - 2017-07-18 03:30 - 000863744 _____ () C:\WINDOWS\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 07:03 - 2017-03-19 07:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3292101828-2372436370-1214882896-1006\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3292101828-2372436370-1214882896-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Corel Update Helper"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DSATray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1DA8E012-08CD-466F-AAA1-2826A354944F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3D0520D3-D90F-4167-A3F5-8B3C64409E09}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe
FirewallRules: [{3F6C9246-97C8-4F7E-AE29-F3F45C22D4E6}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe
FirewallRules: [{A0768281-5E69-4393-AFEC-AE0D056EC338}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe
FirewallRules: [{06B508B0-58DE-4035-896F-12694EA86110}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe
FirewallRules: [{B92C25D5-E44C-400F-9C5E-3DF8AD5ACD51}] => (Allow) LPort=5357
FirewallRules: [{14A7DA09-800E-431B-8D70-D894797C427A}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EAA477B7-9ADE-44FD-8136-624A9F6A1C32}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{55E83FD5-72E2-4430-8CF1-84E6998D86C3}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{0CFF92C1-67D6-4227-992A-9B890F7EE957}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{8803DC9D-D598-4558-A785-AEE6568119A8}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{90CAF7E6-D68A-4162-8AC8-112444E7971E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B0C90E31-9C45-4B3F-B14F-0A95241D71B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40E66BC1-6B42-452E-9421-C0B40B10183C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{822D1B5F-B9D6-445A-B557-B8A576434C0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE8ADD4A-C703-4916-94B3-D0D019690E8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B08F14E-E3A0-4018-BCFB-D305EE025173}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01B34065-0B3D-42EE-9E2D-4929305EFE04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-06-2018 17:15:00 Scheduled Checkpoint
25-06-2018 15:57:00 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2018 11:38:35 AM) (Source: Casper) (EventID: 1008) (User: DESKTOP-R5BVS6I)
Description: Copy failed. A problem was encountered while attempting to copy Boot (C:) to Backup_C (H:). The copy did not complete.

Error: 6841.
Time Elapsed: 00:20:06

Error: (06/28/2018 10:45:06 AM) (Source: Casper) (EventID: 1008) (User: DESKTOP-R5BVS6I)
Description: Copy failed. A problem was encountered while attempting to copy Boot (C:) to Backup_C (H:). The copy did not complete.

Error: 6841.
Time Elapsed: 00:20:16

Error: (06/27/2018 07:37:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\wbem\wmiprvse.exe; Description = PC Pitstop Restore Point; Error = 0x800706be).

Error: (06/27/2018 03:24:27 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/27/2018 01:12:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8f0

Start Time: 01d40dc3be217e02

Termination Time: 4294967295

Application Path: C:\Windows\System32\svchost.exe

Report Id: df433b93-4a8f-4b73-990d-4c2ed6f88b31

Faulting package full name: 

Faulting package-relative application ID:

Error: (06/27/2018 10:42:49 AM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\STORAGE#Volume#{0d8cf901-6c5c-11e8-8670-9cda3edee7b5}#0000004A75200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.

Error: 50

Error: (06/27/2018 10:42:49 AM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\STORAGE#Volume#{0d8cf901-6c5c-11e8-8670-9cda3edee7b5}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.

Error: 50

Error: (06/27/2018 10:42:47 AM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\USBSTOR#Disk&Ven_WDC_WD64&Prod_00AACS-00G8B1&Rev_#DCAF32502658&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Error: 50


System errors:
=============
Error: (06/28/2018 12:18:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R5BVS6I)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-R5BVS6I\joans SID (S-1-5-21-3292101828-2372436370-1214882896-1006) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2018 12:14:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R5BVS6I)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-R5BVS6I\joans SID (S-1-5-21-3292101828-2372436370-1214882896-1006) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2018 12:13:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2018 12:13:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2018 12:13:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/28/2018 12:11:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2018 12:09:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%2147770990

Error: (06/28/2018 12:08:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:06:52 PM on ‎6/‎28/‎2018 was unexpected.


CodeIntegrity:
===================================

Date: 2018-06-28 13:53:39.417
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 13:53:37.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 13:27:22.052
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 13:27:19.860
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 13:23:39.448
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 13:23:37.259
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 12:53:39.452
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-28 12:53:37.261
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 27%
Total physical RAM: 8077.02 MB
Available physical RAM: 5883.18 MB
Total Virtual: 9357.02 MB
Available Virtual: 7201.91 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:904.42 GB) (Free:819.29 GB) NTFS
Drive d: (Recover) (Fixed) (Total:25 GB) (Free:6.5 GB) NTFS
Drive h: (Backup_C) (Fixed) (Total:297.83 GB) (Free:224.11 GB) NTFS
Drive i: (Movies) (Fixed) (Total:298.34 GB) (Free:265.43 GB) NTFS

\\?\Volume{7057a5b8-eac3-4dc9-94e5-a2fd42ea6dcc}\ () (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{b3d95e92-cc03-4399-a4a3-c7d3028aa12d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6C68F81A)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 8A93EB8C)
Partition 1: (Active) - (Size=297.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================