
Sluggish PC


  • This topic is locked
43 replies to this topic

#1 TimB48

TimB48

  • Members
  • 47 posts

Posted 09 February 2017 - 03:33 PM

This PC is slow and unresponsive from startup and can take up to 40 minutes for HDD activity to cease. On checking in task manager there is a process running "GFI anti malware" which is using a lot of resources. There is also "GFI Languard" which appears to be a legitimate programme. I have tried uninstalling the anti malware without success. An error message appears from windows installer "error opening installation log file. Verify that the specified log file location exists and is writeable".

GFI do not have an anti malware programme, which leads me to believe this is not what it appears to be.

Your assistance would be appreciated.





#2 satchfan

satchfan

  • Malware Response Team
  • 2,937 posts
  • Gender:Female
  • Location:Devon, UK

Posted 09 February 2017 - 06:10 PM

Hello TimB48 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

GFI Languard is indeed a legitimate program but let’s run some scans.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

===================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

 

Logs to include with next post:

Frst.txt
Addition.txt
checkup.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,937 posts
  • Gender:Female
  • Location:Devon, UK

Posted 13 February 2017 - 03:28 AM

Hi TimB48

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan




#4 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 13 February 2017 - 06:56 AM

Sorry have not had time to follow through with your advice but will be doing so today. Will post results as soon as I can, thank you.



#5 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 13 February 2017 - 07:02 AM

Unable to download "security check". Link shows account suspended. Any other source to download from?



#6 satchfan

satchfan

  • Malware Response Team
  • 2,937 posts
  • Gender:Female
  • Location:Devon, UK

Posted 13 February 2017 - 08:31 AM

I too am busy but please let me know what is happening if your response is going to be more than 2 days after my post. Thanks

 

Apologies about the link - try this.




#7 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 13 February 2017 - 02:48 PM

Here is the result from Farbar. I will run Security Check tomorrow now I have managed to download it.

 

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Ron (13-02-2017 15:41:31)
Running from G:\Ron
Windows 10 Pro Version 1511 (X64) (2016-02-04 23:46:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2022913626-2766758768-741264458-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2022913626-2766758768-741264458-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2022913626-2766758768-741264458-503 - Limited - Disabled)
Guest (S-1-5-21-2022913626-2766758768-741264458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2022913626-2766758768-741264458-1005 - Limited - Enabled)
Ron (S-1-5-21-2022913626-2766758768-741264458-1000 - Administrator - Enabled) => C:\Users\Ron
UpdatusUser (S-1-5-21-2022913626-2766758768-741264458-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Managed Antivirus Managed Antivirus (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Managed Antivirus Managed Antivirus (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.136 - ABBYY)
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.162.55015 - ABBYY)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon iP3500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series) (Version:  - )
Canon iP3500 series User Registration (HKLM-x32\...\Canon iP3500 series User Registration) (Version:  - )
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.‎)
Canon iP8700 series On-screen Manual (HKLM-x32\...\Canon iP8700 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon iP8700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP8700_series) (Version:  - Canon Inc.)
Canon iP8700 series User Registration (HKLM-x32\...\Canon iP8700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Creative Audio Pack (HKLM-x32\...\Creative Audio Pack) (Version:  - )
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
GFI LanGuard 11 Agent (x32 Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Package Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1804.81 - Trusteer) Hidden
Scansoft PDF Create (x32 Version:  - ) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.02.12110 - Sony Corporation)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer)
Ulead Straight-to-Disc SDK (HKLM-x32\...\{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}) (Version: 3.5 - )
Ultimate Reference Suite (HKLM-x32\...\Ultimate Reference Suite) (Version: 2012.0.0.0 - Encyclopaedia Britannica, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Sound Blaster HD (HKLM-x32\...\{3BE06146-8ADC-47D7-9AD5-E5CABF1FF90C}) (Version: 1.0 - Creative Technology Limited)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Migration Assistant (HKLM-x32\...\{D8BC400A-9D14-468B-A674-1D76A987AAFC}) (Version: 1.0.1.3 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2022913626-2766758768-741264458-1000_Classes\CLSID\{03E88EFD-E7E0-AD3D-5094-B211A02E169B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {02BFF7A6-9B59-46A9-9E82-2E9D91785294} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {02FB6C75-1ECD-4A75-8FEF-A1FA71D55AFB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {043B149E-2A68-47E3-919C-AFAD2EF791CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {0AB2B1E4-7D97-4003-A448-DC7197A2C35A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {0E065707-7BF0-4F65-90D5-4C042BF6AA99} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rongreen7878@hotmail.co.uk => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {1A9449A9-D24E-438B-90B5-79ACD39D29F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {217A115F-E56D-46D8-BA93-8679C3D6CF07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {23224B54-1EC5-4DF2-84E1-4E5804959640} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {279D2E50-AF6F-42CF-B7FB-360CB2506F66} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {284E2F6B-0BD9-439A-BE49-824395A13496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28A26D1F-D868-43DC-B393-CEB8346B1BCE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe 
Task: {2A40B456-4777-40CE-A6C2-990938ACB33B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {2F94F563-8B0B-4070-88EF-AD16CD97AF0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {309E63AB-C428-4A92-AC23-F38649ECE53F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {30CA5E66-7ED2-4D1A-B71C-EAD2E38B2464} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {30FFBC21-4308-4B35-8CDB-C6497047F3A5} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {36E4D18E-6813-4C63-A3B3-13D28880003A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3F244821-98B6-431D-A5BE-6A031CD40497} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {41E14234-D002-4E8D-903A-FF13B8D97C08} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {44F80265-1D24-4C3D-89BC-8DDC8FD31D15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45E60FA5-1B9B-45C5-8CC1-FA8218D23BFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4BA09583-FC4F-422F-B0F9-F3AC6F3100CC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {59569323-50B3-46AA-AC01-F75D03A37B7A} - System32\Tasks\AdobeAAMUpdater-1.0-RonsNo2-Ron => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {5F2DE7E8-3752-4ED4-8846-6A0EEA8BB52A} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {60522D17-AA4B-44E8-BC98-4D17A83D6DBF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {683027FD-8A7D-4F41-918F-F3C9A7539899} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6E4E1EE2-9027-4E29-80F9-3BDFA4EF4BCB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {73B00244-B9E4-42B2-9921-45C5032158B0} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {802A147A-8A5A-46DE-ACD9-C473929FC71F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8517BF08-06D4-4856-A042-1FDD216FB991} - System32\Tasks\{295FE63D-83AF-4F70-8684-11975BFC9EF5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -c UNINSTALL /l0x0009
Task: {8EE0E165-8049-4FD9-9E71-39165C0F9AFE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8FF20BAB-A60A-41AA-BFDA-F468D198F595} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9B0DA976-3ED0-4F29-A893-00F0FBAADC31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A21D9072-8368-4339-86A7-86A2142B0C0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {AA166754-F86D-428F-BD49-E23F48464692} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {AABF8971-34A8-45A3-B754-B2C9351D2909} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {AB313BA1-F9FA-4970-9508-16B07B32A2F0} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {B1569056-1190-46A5-9057-D6C89DBA2637} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B874FA52-7577-499B-991F-0DFACA7D1F09} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B9128E5D-B944-4C22-AED7-F6AC19E9C4B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {BB8DB4CD-E36F-4E4C-9663-EC535DF3E631} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {BBB6D74F-92D3-4805-9468-4047270E0DF8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C0F585CF-EBE1-496C-848F-4C6E693E9027} - System32\Tasks\QtraxPlayer => "C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 3859010362.portal.qtrax.com
Task: {C27B9EDA-37F1-4C25-A7C9-17B460CD6077} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C2FC4D06-DC03-453B-AB7C-D5869E1700EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C57FA6E8-C4CB-4B8C-AE60-21E71A967AE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C8E038E5-BCDD-49E0-9D38-44CF11B36962} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {CA953812-973D-4EC6-93B3-5F672B2D01E8} - System32\Tasks\{F8BC2B27-B5EA-44FE-93B2-628451DA0C04} => C:\Program Files (x86)\Pinnacle\MediaCenter\PMC.exe 
Task: {CEF995FE-8FC9-49F5-96DC-5771690B01A4} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe 
Task: {D24E6C8C-5C9C-4EA7-A35B-2BBD8DF0447C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D765A4E2-F5E6-4B85-AD16-2011129C57DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {D9355858-8F97-4636-AE75-AAF71B5791F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {E92F428F-97F6-4BA4-BE04-417D489A1B5C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EEE01588-3C26-4ABA-9E62-AC37F7A5DDC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {EF56D041-A656-431F-8078-9F76774DA14A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1D70436-CEB0-4AE3-8098-EF92E1803F85} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {FB548BEB-31F6-487F-8D85-C71FD24EF4CD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FD5BA760-0CB7-47E9-BC8C-E3FC3F12FFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FDC8FB0F-67D6-4F9A-AD7D-983FE26DE3BB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-05-29 10:21 - 2011-10-04 21:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-08 01:16 - 2009-07-02 14:02 - 00244904 ____R () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-19 13:26 - 2012-03-28 12:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-04 23:23 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 16:09 - 2016-12-28 17:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-05 07:12 - 2016-02-05 07:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 16:08 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-10 15:12 - 2016-10-25 04:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 15:12 - 2016-10-25 04:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 15:12 - 2016-10-25 04:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 15:12 - 2016-10-25 04:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-17 16:20 - 2013-01-25 10:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-09-17 16:20 - 2013-01-25 10:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-12-06 11:13 - 2015-08-03 09:39 - 00292352 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
2016-04-19 10:56 - 2016-04-19 10:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-01-30 11:23 - 2015-01-30 11:23 - 00434288 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\apistrings.dll
2015-01-30 11:26 - 2015-01-30 11:26 - 00128624 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\httpserverattplugin.dll
2015-01-30 11:29 - 2015-04-16 11:31 - 00325744 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\patchautodownload.dll
2015-02-03 13:18 - 2015-02-03 13:18 - 00407664 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\modlop.dll
2015-01-30 11:30 - 2015-01-30 11:30 - 00241776 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\scanmngsys.dll
2015-01-30 11:31 - 2015-01-30 11:31 - 00064624 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\schedcompactdb.dll
2015-01-30 11:31 - 2015-01-30 11:31 - 00089200 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\schedupdates.dll
2016-12-06 11:05 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libBase64.dll
2016-12-06 11:05 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libMachoUniv.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [131]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxps://apps.driversupport.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-12-06 11:10 - 00003083 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 38 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 212.159.6.10 - 212.159.6.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM\...\StartupApproved\Run: => "VX6000"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "UCam_Menu"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SBAMTray"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\StartupFolder: => "Picture Motion Browser Media Check Tool.lnk"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "Sidebar"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{9BD4909F-24D9-4C8E-8D22-9CCF47595340}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20FC35BC-CAF1-47DF-B25C-098A700FF953}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC9B8AE2-E726-4843-AE9E-FE7060017AC4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B65B012-B361-4BFC-A2C9-3E3581CDB033}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D247807-FABE-45E3-B563-0C2AE2A74055}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3EC7B904-ED40-49A7-8E39-8B313BD4D838}] => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{BE416981-0CE4-4043-8D48-4662C16092E0}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D8D583C3-8A15-41FA-B9A7-1A8973DCADBB}] => LPort=1900
FirewallRules: [{175A0502-FADE-4AF1-9053-74E1FB89C6D2}] => LPort=2869
FirewallRules: [{EB5693F4-0BD1-44E6-AB0A-D634FF951CC8}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F957BB7E-3E06-482A-BACF-AE9575168B41}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{B94205CF-B696-4156-BD0A-903DB79FF234}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{2892FF94-4615-4433-8CC2-C0A392113E11}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{4443AD46-DCB2-492F-B420-A036629E07A6}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{3B3B7B83-20C9-4AA8-82C3-ABA6A9EB308A}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{8FA26414-EAB2-4325-875E-9FBF58055B82}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{D8BBB845-CC30-4B49-B97A-AA2634D15BC0}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{B7AA72A0-ED38-42EE-8956-A6EB3779FB30}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{F5BB2328-8F45-4F39-9166-6B4EEF34BF6D}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{BC4553C3-41F0-4FA9-9ACE-FEA7E09F0D73}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{79D97064-E7AB-4A3C-8D68-AFE2A34C5231}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{0C411C81-A177-42B7-94FE-32EB8D8E1286}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{02E33348-AD4F-44F0-B75C-D79C26C84F2D}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{315CBF37-EC0E-4BF8-B6A6-9C3A02AC177D}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{8FE99C76-8EE9-4FF1-85E4-4282374CCD54}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{610F2580-9C4D-40A2-ABBF-2EAEF78F25FA}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{69F8F007-AC78-4C1F-853A-C9C852C69491}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{A0529077-12AC-477A-8C21-E7C92EDAAB22}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5C530356-5B37-48E3-8636-6E109C0F337D}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{E324B950-A95E-4EDA-9226-2F817F536269}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{FDB9ACE5-9DD5-40D8-AA48-3A88C879DAB3}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{F0486B44-8228-4382-9C3D-B880221191E7}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{92F49293-F980-402A-B044-64EEC7DE5BB6}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{DB58C52C-0DDB-4D69-B120-42AB1D1BDED4}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{DC6DBC9A-59E4-4639-87EF-E1760896CB4F}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6FD1A278-6190-48A1-94B7-D7B77B168A40}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6384B0EB-9D50-47E0-A999-7B0B542705B9}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{725DBE58-1498-41CA-8A07-85EEAE37A333}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{89B07B68-8936-44B4-AD55-7658A71FC386}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{5EDFC566-8163-4FC0-BA23-A83DDE7B43DE}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{4AD9BFF6-25C1-4D46-AE17-9C1E58352EFE}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{2D5C5976-C29E-4E44-973C-539F75C64929}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{ED15F2BC-ADDD-414F-8C18-7634BBC5E740}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5F6DDE4C-0003-4262-A6BB-1478B1B13BDE}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{ABD0193D-E97B-4040-A89E-7F570F9F36B5}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{870A4AE2-43BD-4AD2-B578-F0AF541189C8}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{875AD864-2061-443D-801E-5C05C501B47A}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{415F67D1-3A06-4A49-8C47-E14CEB86E684}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{83ECD8B1-92E3-4A44-8907-726AE755F3D3}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{A910B961-DCAD-4309-B75D-BA2E99CD8680}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{BD1E2314-6988-43AE-A436-978B0ED9260E}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{144A064E-F596-4F8B-BF78-552B5CABC596}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3F9CC656-7B5D-44C2-B0CC-E2F578692ABA}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{6E94D564-AF2F-43BB-B18F-4368918964E8}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{0A4B9F03-AFB0-4634-B3C3-0927371A9279}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{10D1E358-3505-47BD-81F3-28ABA17C934E}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{1D74395D-C7E4-4344-97DF-09713A368389}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{9BF3AA74-29E7-46B7-A07C-5884C0795A22}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{FAF947DA-FA60-4677-B8A4-2C6FABC52134}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{03F1D274-A2F7-4A9D-8D51-7488DAE1969A}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{15B2C5FD-0684-45D3-9F15-3B5A8256AE84}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{5AFB9D2E-8463-487F-B42C-A42C4897E8A2}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{AC3D92E9-5DC2-4205-93C6-BB0FC16940DB}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{7F0E26E7-7E70-4656-91BC-B58DC1DCDA72}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{98B80692-5113-416D-949F-F3F672618A54}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{2F23CCC6-752C-4D8E-8C8F-D2804F28B588}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{E5A7EC4C-975A-4A54-BE8C-EAAFFB0C63E1}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{102EFEA1-9DE0-4911-ACDE-376A4FD41B9B}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{44F5D863-4B63-47EB-9DED-591D2E348B1C}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{F95A99BE-CAB1-47D8-B757-B43001D63E99}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{FDA876D0-30EB-4075-A24B-F774BB812EA1}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{24C7AEA6-1C8B-4FC9-8FFD-257AD1C3CECD}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{AB9CCF25-41B8-4519-897B-3BD190DB7603}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{4919359F-D487-457A-9901-29D1F63F816C}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{0BB1FF51-D853-4C79-B0A5-20806C76314C}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3DADD89B-6589-42DD-B649-956B88391A22}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{22444B0E-C248-45B7-8FB0-019851D9939F}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{DF7BD435-F792-4208-A8EE-254E1A765E12}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{09F0AFA2-3E5C-4391-98A7-C6C6FA47C24C}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{0D12E8F6-92E0-4198-B0AB-D1721ABE1DFF}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{47FC12F9-61FC-4D80-B12F-136199693BE2}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{89746B22-BDB3-4716-B345-1BE13057FFDF}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{02A7D1B8-2F35-4B3E-AE04-9D6C03F8D815}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{53F51C3D-44D1-45E2-A845-A1720849657E}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{84061E6A-2384-4528-89B6-FF3782E5E772}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{6E6A6B21-ABE7-4224-8557-DBC1474D4C70}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{2FE591A5-7CB1-49F7-9579-2824332C5348}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{22A3C879-BC59-4666-83F1-7808C96F9EF8}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{F8289EC6-A62B-4ADE-9F72-9B9998B9935B}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{F4F1EEC7-921D-49DF-881E-D03884682403}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{B0C89A03-1A45-4A7C-B74B-FCDD30F93AC1}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{FD9CA79E-5264-47CD-917D-F3404ECB250D}] => C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3B1481AE-0E70-422E-AA5F-2ED063537FCD}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{908264EC-87F2-4B77-8925-D7EB27CFBBCA}] => C:\SoloApp\chromedriver.exe
FirewallRules: [{030B5439-52B9-4524-9D51-EB651CAEECE3}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{445DF67C-6E08-4A14-A2AF-4FC3C7A0450B}] => C:\SoloApp\WebDriver.dll
FirewallRules: [{4B4CFEC6-6EEA-4FE0-BB8B-B15C2D8A0195}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{C481DE85-FE7A-4F5A-B4E9-14EB0E446310}] => C:\SoloApp\SoloApp.exe
FirewallRules: [{531917A9-C251-4254-B7EF-FEE7EEFD6B91}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{37B784AF-CE46-4936-B498-4537434FC148}] => C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{BB4846C5-8ED8-4CD5-BD80-6A255E014046}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D469F8A-4AB0-42BD-879B-E75C129E23D9}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5F003D9-946A-4C3A-AC26-37E5B24EB9A0}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7978713E-1E2A-4819-A564-6CBEFECA2728}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E85D831B-454E-4AF8-A56E-8FB604D44683}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18855A1B-1FAC-4E47-A455-671C131F5719}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{910109BB-D859-4850-B98D-33E6CA5595BE}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BE33889E-476C-40A7-BBAC-969309DC26B7}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{36582B7E-F387-4B63-A8A8-964044E30756}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{21633CA8-0ED4-407A-BECE-4EB8517FF1ED}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{37AC8EDE-EA5C-4B0D-A7D0-97E93D3F6FC8}] => C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{B5DAB2F9-58C2-40BD-96DB-0B87B008511E}] => C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{DAF8E89B-D802-406E-960A-EC42D91862A9}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B9CD4850-F020-499D-BFB7-4CD01235FCCB}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4F2BDCF0-7014-4AEA-B6CE-9AF999379DFD}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{62FC7A3C-47D1-4A40-830B-DFFA5692FA82}] => C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{62C9366D-7C1E-498A-A1A5-A7FF6BFF32CA}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{5E87CD8B-6CF2-4B29-97D3-15220AAB5C7C}] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{85757857-260B-41CC-84FC-A594DFAE48A7}] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{2058AEF8-4003-4D3D-AB22-376E43812A72}] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{01C73FA4-BC21-472C-A545-E67BB58A09BC}] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{84829FE3-3CE6-42D9-91CD-EB5E60EFCF38}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4455578-FAF4-4DA4-AE3D-532F67DC4672}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CEFB95F2-014F-4B79-AE6D-0E45ACC5FA3B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{78C1ED57-F3B0-4E44-ACCD-727805850AE0}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{93CAD9BB-8D91-4A7A-B312-82AF37D03AF0}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E774B5D9-8750-453E-B3AD-F5434FE4B436}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{931DE6A0-7FF2-4BB4-A641-A251F4B8E5C9}] => C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{DF168D07-E4EE-4854-A7B1-8BC88C196B15}] => C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
 
==================== Restore Points =========================
 
31-12-2016 14:40:16 Scheduled Checkpoint
30-01-2017 13:50:12 Scheduled Checkpoint
07-02-2017 12:23:38 Installed Rapport
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2017 03:29:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PPLINKS.EXE, version: 14.5.13264.1414, time stamp: 0x51922cea
Faulting module name: ntdll.dll, version: 10.0.10586.672, time stamp: 0x580efaf8
Exception code: 0xc000000d
Fault offset: 0x000ea21c
Faulting process id: 0x22d8
Faulting application start time: 0x01d2860db82bc1b4
Faulting application path: C:\Users\Ron\PaperPort\PPLINKS.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5c10417c-1c1e-404d-91c7-dda1cb455645
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2017 01:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1063
 
Error: (02/13/2017 01:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1063
 
Error: (02/13/2017 01:05:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/13/2017 11:14:02 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (02/13/2017 11:13:42 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1714.The older version of Adobe Refresh Manager cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (02/11/2017 03:36:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 10
 
Error: (02/09/2017 04:57:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RONSNO2)
Description: Package Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (02/09/2017 04:37:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PPLINKS.EXE, version: 14.5.13264.1414, time stamp: 0x51922cea
Faulting module name: ntdll.dll, version: 10.0.10586.672, time stamp: 0x580efaf8
Exception code: 0xc000000d
Fault offset: 0x000ea21c
Faulting process id: 0x26ac
Faulting application start time: 0x01d282ef7f404b7e
Faulting application path: C:\Users\Ron\PaperPort\PPLINKS.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f0aab4f5-9e02-44c9-8162-c5223f79cd90
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/09/2017 04:06:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RONSNO2)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (02/13/2017 11:19:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Microsoft .Net Native Framework Package 1.2.23205.0.
 
Error: (02/13/2017 11:12:26 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 11:12:14 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 11:12:14 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 11:12:14 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 11:12:14 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/13/2017 11:12:01 AM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-31 04:20:39.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-31 03:42:29.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-30 16:06:55.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-27 13:21:25.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:25.640
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:25.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:25.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:25.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:25.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-27 13:21:24.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16346.09 MB
Available physical RAM: 12951.74 MB
Total Virtual: 32730.09 MB
Available Virtual: 28912.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.97 GB) (Free:806.45 GB) NTFS
Drive f: (Second Drive) (Fixed) (Total:232.88 GB) (Free:158.7 GB) NTFS
Drive g: (CORSAIR) (Removable) (Total:7.52 GB) (Free:4.81 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: FA85FEBC)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D9E0F84)
Partition 1: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
Frst.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Ron (administrator) on RONSNO2 (13-02-2017 15:40:00)
Running from G:\Ron
Loaded Profiles: Ron & UpdatusUser (Available Profiles: Ron & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(VIA Technologies, Inc.) C:\WINDOWS\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Nuance Communications, Inc.) C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\lnssatt.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Nuance Communications, Inc.) C:\Users\Ron\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-11-08] (Bitleader)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-17] (ABBYY)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Users\Ron\PaperPort\pptd40nt.exe [36168 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Users\Ron\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Users\Ron\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Users\Ron\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Users\Ron\PDFCreate\pdfcreate7hook.exe [605512 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Users\Ron\PDFCreate\RegistryController.exe [140616 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Scheduling Agent] => C:\Program Files (x86)\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe [1730086 2007-04-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk [2016-12-05]
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2022913626-2766758768-741264458-1003] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 212.159.6.9
Tcpip\..\Interfaces\{b13c0eed-3d81-4b48-9724-2530b5c23389}: [DhcpNameServer] 212.159.6.10 212.159.6.9
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtDzyyCzy0CyD0DtDyCtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2119043354&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zen.co.uk/
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> DefaultScope {078E3EC5-40A1-9944-9069-40FB647AC928} URL = 
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> {86DFF96B-C809-43E3-9861-4B6BD83EED2C} URL = hxxp://www.flickr.com/search/?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Users\Ron\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-02] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Users\Ron\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-17] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\lnssatt.exe [167024 2015-01-30] (GFI Software Development Ltd.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [281240 2016-09-07] (LogicNow Ltd)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "C:\Users\Ron\Desktop\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ComproHID; C:\WINDOWS\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2016-12-01] (GFI Software)
R3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1558528 2013-03-26] (Creative Technology Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 15:39 - 2017-02-13 15:40 - 00000000 ____D C:\FRST
2017-02-13 12:35 - 2017-02-13 12:35 - 00480194 _____ C:\Users\Ron\Documents\Emailing_ Ron Green_jpg.eml
2017-02-13 11:07 - 2017-02-13 11:07 - 00000000 ___HD C:\OneDriveTemp
2017-02-09 17:05 - 2017-02-09 17:06 - 04188767 _____ C:\Users\Ron\Downloads\yeeveo.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04188767 _____ C:\Users\Ron\Downloads\aya6ds.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04151468 _____ C:\Users\Ron\Downloads\9spmmi.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04130886 _____ C:\Users\Ron\Downloads\s9q2ta.webm
2017-02-09 16:37 - 2017-02-13 15:29 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2017-02-09 15:52 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 15:51 - 2017-02-09 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 15:51 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 15:51 - 2016-12-29 12:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 15:51 - 2016-12-29 12:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 15:51 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 15:50 - 2017-02-09 15:52 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-09 14:51 - 2017-02-11 14:25 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2017-02-09 14:51 - 2017-02-09 14:52 - 00000000 ____D C:\Program Files\Advanced Monitoring Agent Network Management
2017-02-09 14:41 - 2017-02-09 14:42 - 152447768 _____ (Apple Inc.) C:\Users\Ron\Downloads\iTunes6464Setup (2).exe
2017-02-09 14:38 - 2017-02-09 14:43 - 35749888 _____ C:\Users\Ron\Downloads\iTunes6464Setup.exe.g3hzhhd.partial
2017-02-09 14:38 - 2017-02-09 14:39 - 152447768 _____ (Apple Inc.) C:\Users\Ron\Downloads\iTunes6464Setup (1).exe
2017-02-09 14:34 - 2017-02-09 14:34 - 01129376 _____ (Google Inc.) C:\Users\Ron\Downloads\ChromeSetup (3).exe
2017-02-09 14:34 - 2017-02-09 14:34 - 01129376 _____ (Google Inc.) C:\Users\Ron\Downloads\ChromeSetup (2).exe
2017-02-09 14:31 - 2017-02-09 14:31 - 01129376 _____ (Google Inc.) C:\Users\Ron\Downloads\ChromeSetup (1).exe
2017-02-07 12:50 - 2017-02-07 12:50 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-07 12:48 - 2017-02-07 12:48 - 12922384 _____ (TeamViewer GmbH) C:\Users\Ron\Downloads\TeamViewer_Setup_en (2).exe
2017-02-02 15:29 - 2017-02-02 15:29 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-02 15:29 - 2017-02-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-02 15:28 - 2017-02-02 15:29 - 00000000 ____D C:\Program Files\iTunes
2017-02-02 15:28 - 2017-02-02 15:28 - 00000000 ____D C:\Program Files\iPod
2017-02-02 15:23 - 2017-02-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-30 15:44 - 2016-12-21 09:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-30 15:44 - 2016-12-21 09:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-30 15:44 - 2016-12-21 08:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-30 15:44 - 2016-12-21 07:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-30 15:44 - 2016-12-21 06:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-30 15:44 - 2016-12-21 05:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 05:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-30 15:44 - 2016-12-21 05:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 04:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-30 15:44 - 2016-10-25 06:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-17 12:19 - 2017-01-17 12:19 - 00537031 _____ C:\Users\Ron\Documents\IMG_20170117_0002.pdf
2017-01-17 11:56 - 2017-01-17 11:56 - 00542831 _____ C:\Users\Ron\Documents\IMG_20170117_0001.pdf
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 9000F Mark II
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 9000F Mark II Manual
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 15:35 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-13 15:29 - 2016-05-26 14:45 - 00000000 ____D C:\Users\Ron\AppData\Roaming\.oit
2017-02-13 15:28 - 2016-05-26 14:44 - 00000000 ____D C:\ProgramData\Nuance
2017-02-13 15:27 - 2012-11-08 00:50 - 00000000 ____D C:\ProgramData\Temp
2017-02-13 15:05 - 2016-02-04 23:26 - 01026508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 15:05 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 14:55 - 2013-09-21 08:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-13 11:25 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-13 11:20 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-13 11:18 - 2016-12-06 14:08 - 00000000 ____D C:\WINDOWS\Patches
2017-02-13 11:17 - 2016-12-06 10:19 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Adblock Plus for IE
2017-02-13 11:15 - 2014-07-16 23:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B609F37-7F1E-472C-A515-E682AE2180A1}
2017-02-13 11:12 - 2014-06-25 13:09 - 00000000 ____D C:\Users\Ron\AppData\Local\Adobe
2017-02-13 11:08 - 2016-03-22 15:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 11:08 - 2016-01-29 12:04 - 00000000 ___RD C:\Users\Ron\iCloudDrive
2017-02-13 11:07 - 2016-01-28 15:11 - 00000000 ___RD C:\Users\Ron\OneDrive
2017-02-13 11:07 - 2013-06-04 13:36 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-02-11 16:09 - 2016-01-29 11:02 - 00000000 ____D C:\Users\Ron\Documents\Outlook Files
2017-02-11 16:08 - 2016-01-29 12:04 - 00000000 ____D C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod
2017-02-09 16:35 - 2013-05-23 10:49 - 00000000 ____D C:\Users\Ron\Documents\ALL SERIAL NUMBERS
2017-02-09 15:52 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 15:52 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-09 15:52 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 15:52 - 2012-09-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 15:51 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 14:45 - 2016-02-04 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-09 14:45 - 2016-02-04 23:38 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2017-02-09 14:45 - 2016-02-04 23:18 - 04916864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-09 14:44 - 2016-02-04 23:26 - 00000000 ____D C:\Users\UpdatusUser
2017-02-09 14:44 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-09 14:34 - 2016-02-07 12:17 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-09 14:34 - 2012-09-12 20:13 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 16:34 - 2016-02-04 23:26 - 00000000 ____D C:\Users\Ron
2017-02-07 12:51 - 2016-05-28 14:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-07 12:29 - 2016-02-05 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 12:24 - 2013-08-31 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-02-07 11:49 - 2016-12-06 14:04 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 11:49 - 2016-02-04 23:52 - 00002394 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-05 17:38 - 2012-12-19 13:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-02 16:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-02 15:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-02 15:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-02 15:28 - 2016-01-29 11:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-01 15:56 - 2013-11-02 14:49 - 00000000 ____D C:\SoloApp
2017-01-31 03:32 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-30 15:51 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 15:51 - 2013-08-17 08:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-30 15:48 - 2012-09-12 18:39 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-30 15:18 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-22 19:09 - 2015-06-12 20:59 - 00250728 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2017-01-22 19:09 - 2012-11-12 14:32 - 00504456 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2017-01-20 14:44 - 2015-11-09 15:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 11:57 - 2016-07-10 15:59 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2017-01-17 11:55 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2017-01-17 11:55 - 2015-10-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-17 11:55 - 2012-12-19 13:20 - 00000000 ____D C:\Program Files (x86)\Canon
2017-01-17 11:53 - 2016-03-17 10:00 - 00002451 _____ C:\Users\Public\Desktop\Canon CanoScan 9000F II On-screen Manual.lnk
2017-01-17 11:10 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 11:08 - 2012-09-12 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 11:03 - 2015-02-03 16:09 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-01-01 18:29 - 2014-10-17 12:38 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-09-18 13:47 - 2012-09-18 13:49 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-09-18 15:01 - 2016-06-16 14:49 - 0002268 _____ () C:\Users\Ron\AppData\Roaming\MTScdAgt.dat
2013-07-28 16:21 - 2014-05-30 22:13 - 0000138 _____ () C:\Users\Ron\AppData\Roaming\WB.CFG
2013-06-17 14:21 - 2013-11-02 14:38 - 0000006 _____ () C:\Users\Ron\AppData\Roaming\WBPU-TTL.DAT
2013-07-24 13:38 - 2013-07-24 13:38 - 145394418 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload
2013-07-24 13:38 - 2013-07-24 13:38 - 0001811 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload.aamd
2014-05-01 11:53 - 2014-05-01 11:53 - 169928142 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-05-01 11:53 - 2014-05-01 11:53 - 0002071 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2013-01-02 22:37 - 2014-10-17 11:19 - 0010752 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-12 13:57 - 2012-09-12 13:57 - 0000091 _____ () C:\Users\Ron\AppData\Local\fusioncache.dat
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007168 _____ () C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp
2014-09-17 16:19 - 2009-11-17 07:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2014-09-17 16:19 - 2013-03-26 04:54 - 0002844 _____ () C:\ProgramData\CfSB1240A.ini
 
Some files in TEMP:
====================
2016-12-26 17:16 - 2016-09-07 05:39 - 0620176 _____ (Microsoft Corporation) C:\Users\Ron\AppData\Local\Temp\kernel32.dll
2017-01-17 11:51 - 2012-03-16 13:51 - 0864368 ____N (CANON INC.) C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE
2017-02-07 12:04 - 2017-02-07 12:18 - 1778472 _____ () C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 12:39
 
==================== End of FRST.txt ============================
 
Thank you.


#8 satchfan

Posted 13 February 2017 - 03:51 PM

I'll wait for the other log and will check what you sent.

A very brief glance shows quite a lot of problems but as yet, not malware-related.

Can you tell me how you came to install Managed Antivirus and the reason for installing it?




#9 TimB48

Posted 14 February 2017 - 07:50 AM

Here is the info from Security Check. Sorry for the delay.

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                      
Managed Antivirus Managed Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 111  
 Java 8 Update 91  
 Java version 32-bit out of Date! 
 Adobe Flash Player 24.0.0.194  
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
I cannot provide any info as to the source of Managed Antivirus. This computer belongs to a 93-year-old acquaintance of mine and he asked me to help him out as he found it was slow. The Managed Antivirus appears to have been installed around 6/12/16 and there were other items installed around that time, which I have been able to uninstall. Not being able to uninstall Managed Antivirus, I suspected the possibility of some virus or malware blocking it, which is why I have submitted this post. The gentleman has no recollection as to why it is installed but was having an issue at the time and possibly resorted to one of the "advertised fixes" he found on the web. If this turns out not to be virus or malware related, can you please advise which group I should repost in, in order to resolve the issue? Thank you.


#10 satchfan

Posted 14 February 2017 - 10:16 AM

For a 93-year-old there are some very advanced programs on this computer and, from my research, Managed Antivirus is part of Advanced Monitoring Agent Network Management, which is not something that is usually found on a home PC.

There are also a lot of 'Policies' that have been changed, possibly by the aforementioned programs. We can fix these when programs are uninstalled.

This will include several stages, so that said, let's get started and clear up some mess.


Download Revo Uninstaller

  • double click the installation file on the desktop to run the installer
  • let it install to the default location
  • double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

Uninstall the following:

Advanced Monitoring Agent Network Management
Adobe Photoshop CS5
Ask Toolbar Updater
Java 8 Update 111
Java 8 Update 91
Managed Antivirus
PDF Writer Packages
VideoPlayer v2.0.6

  • locate the program you are uninstalling
  • right-click the icon then choose Uninstall
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next
  • this will launch the program's built-in uninstaller (be patient, it can take several seconds)
  • once the uninstaller is done click Next
  • Revo Uninstaller will now scan for leftover information, (again, be patient as it can take several seconds)
  • once this scan is done click Next
  • you will then be presented with the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall
  • next, click Select All > Delete to remove the entries
  • click Next
  • if there are any program file folders left over you will be presented with a list to be removed
  • again look at ALL of the entries to ensure they are related to the uninstall
  • click Select All > Delete to remove the entries
  • click Finish to go back to the uninstall list
  • when you have removed all of the programs listed, close the program.

================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to G:\Ron folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2022913626-2766758768-741264458-1003] => Proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtDzyyCzy0CyD0DtDyCtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2119043354&ir=
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> DefaultScope {078E3EC5-40A1-9944-9069-40FB647AC928} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> {86DFF96B-C809-43E3-9861-4B6BD83EED2C} URL = hxxp://www.flickr.com/search/?q={searchTerms}
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 HitmanPro37CrusaderBoot; "C:\Users\Ron\Desktop\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-02-11 16:08 - 2016-01-29 12:04 - 00000000 ____D C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007168 _____ () C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {02BFF7A6-9B59-46A9-9E82-2E9D91785294} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {23224B54-1EC5-4DF2-84E1-4E5804959640} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {284E2F6B-0BD9-439A-BE49-824395A13496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30FFBC21-4308-4B35-8CDB-C6497047F3A5} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {73B00244-B9E4-42B2-9921-45C5032158B0} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {802A147A-8A5A-46DE-ACD9-C473929FC71F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9B0DA976-3ED0-4F29-A893-00F0FBAADC31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AB313BA1-F9FA-4970-9508-16B07B32A2F0} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {B874FA52-7577-499B-991F-0DFACA7D1F09} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C27B9EDA-37F1-4C25-A7C9-17B460CD6077} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C8E038E5-BCDD-49E0-9D38-44CF11B36962} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {EF56D041-A656-431F-8078-9F76774DA14A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [131]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxps://apps.driversupport.com
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
C:\WINDOWS\System32\DRIVERS\SWDUMon.sys
C:\Users\Ron\AppData\Local\Temp\kernel32.dll
C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
RemoveProxy:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
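Added example, not part of the post above and not FRST's own code: a short Python triage of the "Task:" lines in the fix list, run over lines copied unmodified from it. Reading "-> No File" as a task registration whose task file is missing, treating a target under a Temp folder as worth a second look, and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied unmodified from the fix list in the post above (a subset).
# The last line is a service entry, included to show non-Task lines are skipped.
SAMPLE_FIXLIST = r"""
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
"""

# Task: [{GUID} - ]<task name or .job path> (->|=>) <target> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?"   # absent on legacy .job lines
    r"(?P<name>.+?)\s+(?:->|=>)\s+"
    r"(?P<target>.*?)\s*"
    r"(?P<flag><=+\s*ATTENTION)?\s*$"
)


def parse_tasks(text):
    """Return one dict per 'Task:' line; every other directive is skipped."""
    entries = []
    for raw in text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "guid": m.group("guid"),          # None for a legacy .job entry
            "name": m.group("name"),
            "target": m.group("target"),
            "flagged": m.group("flag") is not None,
        })
    return entries


def classify(entry):
    """Bucket an entry by what its target says (heuristics are assumptions)."""
    target = entry["target"].lower()
    if target == "no file":
        return "orphaned"            # registration left behind, nothing to run
    if "\\temp\\" in target:
        return "runs-from-temp"      # executable or script argument under Temp
    return "other"


def triage(text):
    """Map each bucket to the task names that fall into it."""
    buckets = defaultdict(list)
    for entry in parse_tasks(text):
        buckets[classify(entry)].append(entry["name"])
    return dict(buckets)


def shared_targets(text):
    """Targets launched by more than one entry, e.g. a task and its .job twin."""
    by_target = defaultdict(list)
    for entry in parse_tasks(text):
        if classify(entry) != "orphaned":
            by_target[entry["target"].lower()].append(entry["name"])
    return {t: names for t, names in by_target.items() if len(names) > 1}


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_FIXLIST).items():
        print(f"{bucket}:")
        for name in names:
            print(f"  {name}")
    for target, names in shared_targets(SAMPLE_FIXLIST).items():
        print(f"same target from {len(names)} entries: {target}")
```
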


#11 TimB48

  • Topic Starter

Posted 14 February 2017 - 12:15 PM

One question before I proceed: Adobe Photoshop CS5 is in the list of items to be uninstalled. This is a program that this gentleman uses; will it be OK to reinstall once the clean up has been completed?



#12 satchfan

  • Malware Response Team

Posted 14 February 2017 - 03:45 PM

"Adobe Photoshop CS5 is in the list of items to be uninstalled. This is a program that this gentleman uses, will it be OK to reinstall once the clean up has been completed."

That's up to him but it is not a genuine copy and this forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software so please remove it and continue with the other instructions.

 

Nina




#13 TimB48

  • Topic Starter

Posted 15 February 2017 - 09:29 AM

Results for FRST

 

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2022913626-2766758768-741264458-1003] => Proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtDzyyCzy0CyD0DtDyCtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2119043354&ir=
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> DefaultScope {078E3EC5-40A1-9944-9069-40FB647AC928} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> {86DFF96B-C809-43E3-9861-4B6BD83EED2C} URL = hxxp://www.flickr.com/search/?q={searchTerms}
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 HitmanPro37CrusaderBoot; "C:\Users\Ron\Desktop\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-02-11 16:08 - 2016-01-29 12:04 - 00000000 ____D C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007168 _____ () C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {02BFF7A6-9B59-46A9-9E82-2E9D91785294} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {23224B54-1EC5-4DF2-84E1-4E5804959640} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {284E2F6B-0BD9-439A-BE49-824395A13496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30FFBC21-4308-4B35-8CDB-C6497047F3A5} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {73B00244-B9E4-42B2-9921-45C5032158B0} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {802A147A-8A5A-46DE-ACD9-C473929FC71F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9B0DA976-3ED0-4F29-A893-00F0FBAADC31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AB313BA1-F9FA-4970-9508-16B07B32A2F0} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {B874FA52-7577-499B-991F-0DFACA7D1F09} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C27B9EDA-37F1-4C25-A7C9-17B460CD6077} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C8E038E5-BCDD-49E0-9D38-44CF11B36962} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {EF56D041-A656-431F-8078-9F76774DA14A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [131]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxps://apps.driversupport.com
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
C:\WINDOWS\System32\DRIVERS\SWDUMon.sys
C:\Users\Ron\AppData\Local\Temp\kernel32.dll
C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
RemoveProxy:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 01

Ran by Ron (15-02-2017 14:25:03)
Running from C:\Users\Ron\Desktop
Windows 10 Pro Version 1511 (X64) (2016-02-04 23:46:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2022913626-2766758768-741264458-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2022913626-2766758768-741264458-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2022913626-2766758768-741264458-503 - Limited - Disabled)
Guest (S-1-5-21-2022913626-2766758768-741264458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2022913626-2766758768-741264458-1005 - Limited - Enabled)
Ron (S-1-5-21-2022913626-2766758768-741264458-1000 - Administrator - Enabled) => C:\Users\Ron
UpdatusUser (S-1-5-21-2022913626-2766758768-741264458-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Managed Antivirus Managed Antivirus (Disabled - Out of date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Managed Antivirus Managed Antivirus (Disabled - Out of date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.136 - ABBYY)
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.162.55015 - ABBYY)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon iP3500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series) (Version:  - )
Canon iP3500 series User Registration (HKLM-x32\...\Canon iP3500 series User Registration) (Version:  - )
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.‎)
Canon iP8700 series On-screen Manual (HKLM-x32\...\Canon iP8700 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon iP8700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP8700_series) (Version:  - Canon Inc.)
Canon iP8700 series User Registration (HKLM-x32\...\Canon iP8700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Creative Audio Pack (HKLM-x32\...\Creative Audio Pack) (Version:  - )
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
GFI LanGuard 11 Agent (x32 Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Package Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1804.81 - Trusteer) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Scansoft PDF Create (x32 Version:  - ) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.02.12110 - Sony Corporation)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer)
Ulead Straight-to-Disc SDK (HKLM-x32\...\{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}) (Version: 3.5 - )
Ultimate Reference Suite (HKLM-x32\...\Ultimate Reference Suite) (Version: 2012.0.0.0 - Encyclopaedia Britannica, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Sound Blaster HD (HKLM-x32\...\{3BE06146-8ADC-47D7-9AD5-E5CABF1FF90C}) (Version: 1.0 - Creative Technology Limited)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Migration Assistant (HKLM-x32\...\{D8BC400A-9D14-468B-A674-1D76A987AAFC}) (Version: 1.0.1.3 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2022913626-2766758768-741264458-1000_Classes\CLSID\{03E88EFD-E7E0-AD3D-5094-B211A02E169B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {02BFF7A6-9B59-46A9-9E82-2E9D91785294} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {02FB6C75-1ECD-4A75-8FEF-A1FA71D55AFB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {043B149E-2A68-47E3-919C-AFAD2EF791CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {0AB2B1E4-7D97-4003-A448-DC7197A2C35A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {1A9449A9-D24E-438B-90B5-79ACD39D29F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {217A115F-E56D-46D8-BA93-8679C3D6CF07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {23224B54-1EC5-4DF2-84E1-4E5804959640} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {279D2E50-AF6F-42CF-B7FB-360CB2506F66} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {284E2F6B-0BD9-439A-BE49-824395A13496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28A26D1F-D868-43DC-B393-CEB8346B1BCE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe 
Task: {2A40B456-4777-40CE-A6C2-990938ACB33B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {2F94F563-8B0B-4070-88EF-AD16CD97AF0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {309E63AB-C428-4A92-AC23-F38649ECE53F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {30CA5E66-7ED2-4D1A-B71C-EAD2E38B2464} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {30FFBC21-4308-4B35-8CDB-C6497047F3A5} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {36E4D18E-6813-4C63-A3B3-13D28880003A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3F244821-98B6-431D-A5BE-6A031CD40497} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {41E14234-D002-4E8D-903A-FF13B8D97C08} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {44F80265-1D24-4C3D-89BC-8DDC8FD31D15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45E60FA5-1B9B-45C5-8CC1-FA8218D23BFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4BA09583-FC4F-422F-B0F9-F3AC6F3100CC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5F2DE7E8-3752-4ED4-8846-6A0EEA8BB52A} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {60522D17-AA4B-44E8-BC98-4D17A83D6DBF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {683027FD-8A7D-4F41-918F-F3C9A7539899} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6E4E1EE2-9027-4E29-80F9-3BDFA4EF4BCB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {73B00244-B9E4-42B2-9921-45C5032158B0} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {802A147A-8A5A-46DE-ACD9-C473929FC71F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8517BF08-06D4-4856-A042-1FDD216FB991} - System32\Tasks\{295FE63D-83AF-4F70-8684-11975BFC9EF5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -c UNINSTALL /l0x0009
Task: {8EE0E165-8049-4FD9-9E71-39165C0F9AFE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8FF20BAB-A60A-41AA-BFDA-F468D198F595} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9B0DA976-3ED0-4F29-A893-00F0FBAADC31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A21D9072-8368-4339-86A7-86A2142B0C0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {AA166754-F86D-428F-BD49-E23F48464692} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {AABF8971-34A8-45A3-B754-B2C9351D2909} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {AB313BA1-F9FA-4970-9508-16B07B32A2F0} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {B1569056-1190-46A5-9057-D6C89DBA2637} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B874FA52-7577-499B-991F-0DFACA7D1F09} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B9128E5D-B944-4C22-AED7-F6AC19E9C4B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {BB8DB4CD-E36F-4E4C-9663-EC535DF3E631} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {BBB6D74F-92D3-4805-9468-4047270E0DF8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C0F585CF-EBE1-496C-848F-4C6E693E9027} - System32\Tasks\QtraxPlayer => "C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 3859010362.portal.qtrax.com
Task: {C27B9EDA-37F1-4C25-A7C9-17B460CD6077} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C2FC4D06-DC03-453B-AB7C-D5869E1700EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C57FA6E8-C4CB-4B8C-AE60-21E71A967AE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C8E038E5-BCDD-49E0-9D38-44CF11B36962} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {CA953812-973D-4EC6-93B3-5F672B2D01E8} - System32\Tasks\{F8BC2B27-B5EA-44FE-93B2-628451DA0C04} => C:\Program Files (x86)\Pinnacle\MediaCenter\PMC.exe 
Task: {CEF995FE-8FC9-49F5-96DC-5771690B01A4} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe 
Task: {D24E6C8C-5C9C-4EA7-A35B-2BBD8DF0447C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D765A4E2-F5E6-4B85-AD16-2011129C57DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {D9355858-8F97-4636-AE75-AAF71B5791F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {E92F428F-97F6-4BA4-BE04-417D489A1B5C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EEE01588-3C26-4ABA-9E62-AC37F7A5DDC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {EF56D041-A656-431F-8078-9F76774DA14A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1D70436-CEB0-4AE3-8098-EF92E1803F85} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {FB548BEB-31F6-487F-8D85-C71FD24EF4CD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FD5BA760-0CB7-47E9-BC8C-E3FC3F12FFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FDC8FB0F-67D6-4F9A-AD7D-983FE26DE3BB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 16:09 - 2016-12-28 17:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-10 15:12 - 2016-10-25 04:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 15:12 - 2016-10-25 04:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 15:12 - 2016-10-25 04:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 15:12 - 2016-10-25 04:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-04 23:23 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-05 07:12 - 2016-02-05 07:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 16:08 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2013-05-29 10:21 - 2011-10-04 21:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-09 14:20 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-09 14:20 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [131]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxps://apps.driversupport.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-12-06 11:10 - 00003083 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
 
There are 38 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 212.159.6.10 - 212.159.6.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM\...\StartupApproved\Run: => "VX6000"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "UCam_Menu"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SBAMTray"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\StartupFolder: => "Picture Motion Browser Media Check Tool.lnk"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "Sidebar"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9BD4909F-24D9-4C8E-8D22-9CCF47595340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20FC35BC-CAF1-47DF-B25C-098A700FF953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC9B8AE2-E726-4843-AE9E-FE7060017AC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B65B012-B361-4BFC-A2C9-3E3581CDB033}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D247807-FABE-45E3-B563-0C2AE2A74055}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3EC7B904-ED40-49A7-8E39-8B313BD4D838}] => (Allow) C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{BE416981-0CE4-4043-8D48-4662C16092E0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D8D583C3-8A15-41FA-B9A7-1A8973DCADBB}] => (Allow) LPort=1900
FirewallRules: [{175A0502-FADE-4AF1-9053-74E1FB89C6D2}] => (Allow) LPort=2869
FirewallRules: [{EB5693F4-0BD1-44E6-AB0A-D634FF951CC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F957BB7E-3E06-482A-BACF-AE9575168B41}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{B94205CF-B696-4156-BD0A-903DB79FF234}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{2892FF94-4615-4433-8CC2-C0A392113E11}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{4443AD46-DCB2-492F-B420-A036629E07A6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{3B3B7B83-20C9-4AA8-82C3-ABA6A9EB308A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FA26414-EAB2-4325-875E-9FBF58055B82}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{D8BBB845-CC30-4B49-B97A-AA2634D15BC0}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B7AA72A0-ED38-42EE-8956-A6EB3779FB30}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F5BB2328-8F45-4F39-9166-6B4EEF34BF6D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{BC4553C3-41F0-4FA9-9ACE-FEA7E09F0D73}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{79D97064-E7AB-4A3C-8D68-AFE2A34C5231}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0C411C81-A177-42B7-94FE-32EB8D8E1286}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{02E33348-AD4F-44F0-B75C-D79C26C84F2D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{315CBF37-EC0E-4BF8-B6A6-9C3A02AC177D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FE99C76-8EE9-4FF1-85E4-4282374CCD54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{610F2580-9C4D-40A2-ABBF-2EAEF78F25FA}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{69F8F007-AC78-4C1F-853A-C9C852C69491}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{A0529077-12AC-477A-8C21-E7C92EDAAB22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5C530356-5B37-48E3-8636-6E109C0F337D}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{E324B950-A95E-4EDA-9226-2F817F536269}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDB9ACE5-9DD5-40D8-AA48-3A88C879DAB3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F0486B44-8228-4382-9C3D-B880221191E7}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{92F49293-F980-402A-B044-64EEC7DE5BB6}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DB58C52C-0DDB-4D69-B120-42AB1D1BDED4}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DC6DBC9A-59E4-4639-87EF-E1760896CB4F}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6FD1A278-6190-48A1-94B7-D7B77B168A40}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6384B0EB-9D50-47E0-A999-7B0B542705B9}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{725DBE58-1498-41CA-8A07-85EEAE37A333}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{89B07B68-8936-44B4-AD55-7658A71FC386}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{5EDFC566-8163-4FC0-BA23-A83DDE7B43DE}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4AD9BFF6-25C1-4D46-AE17-9C1E58352EFE}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2D5C5976-C29E-4E44-973C-539F75C64929}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{ED15F2BC-ADDD-414F-8C18-7634BBC5E740}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5F6DDE4C-0003-4262-A6BB-1478B1B13BDE}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{ABD0193D-E97B-4040-A89E-7F570F9F36B5}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{870A4AE2-43BD-4AD2-B578-F0AF541189C8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{875AD864-2061-443D-801E-5C05C501B47A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{415F67D1-3A06-4A49-8C47-E14CEB86E684}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{83ECD8B1-92E3-4A44-8907-726AE755F3D3}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{A910B961-DCAD-4309-B75D-BA2E99CD8680}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{BD1E2314-6988-43AE-A436-978B0ED9260E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{144A064E-F596-4F8B-BF78-552B5CABC596}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3F9CC656-7B5D-44C2-B0CC-E2F578692ABA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E94D564-AF2F-43BB-B18F-4368918964E8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0A4B9F03-AFB0-4634-B3C3-0927371A9279}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{10D1E358-3505-47BD-81F3-28ABA17C934E}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{1D74395D-C7E4-4344-97DF-09713A368389}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{9BF3AA74-29E7-46B7-A07C-5884C0795A22}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{FAF947DA-FA60-4677-B8A4-2C6FABC52134}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{03F1D274-A2F7-4A9D-8D51-7488DAE1969A}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{15B2C5FD-0684-45D3-9F15-3B5A8256AE84}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{5AFB9D2E-8463-487F-B42C-A42C4897E8A2}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{AC3D92E9-5DC2-4205-93C6-BB0FC16940DB}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{7F0E26E7-7E70-4656-91BC-B58DC1DCDA72}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{98B80692-5113-416D-949F-F3F672618A54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2F23CCC6-752C-4D8E-8C8F-D2804F28B588}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{E5A7EC4C-975A-4A54-BE8C-EAAFFB0C63E1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{102EFEA1-9DE0-4911-ACDE-376A4FD41B9B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{44F5D863-4B63-47EB-9DED-591D2E348B1C}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{F95A99BE-CAB1-47D8-B757-B43001D63E99}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDA876D0-30EB-4075-A24B-F774BB812EA1}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{24C7AEA6-1C8B-4FC9-8FFD-257AD1C3CECD}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{AB9CCF25-41B8-4519-897B-3BD190DB7603}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{4919359F-D487-457A-9901-29D1F63F816C}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BB1FF51-D853-4C79-B0A5-20806C76314C}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3DADD89B-6589-42DD-B649-956B88391A22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{22444B0E-C248-45B7-8FB0-019851D9939F}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{DF7BD435-F792-4208-A8EE-254E1A765E12}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{09F0AFA2-3E5C-4391-98A7-C6C6FA47C24C}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{0D12E8F6-92E0-4198-B0AB-D1721ABE1DFF}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{47FC12F9-61FC-4D80-B12F-136199693BE2}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{89746B22-BDB3-4716-B345-1BE13057FFDF}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{02A7D1B8-2F35-4B3E-AE04-9D6C03F8D815}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{53F51C3D-44D1-45E2-A845-A1720849657E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{84061E6A-2384-4528-89B6-FF3782E5E772}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E6A6B21-ABE7-4224-8557-DBC1474D4C70}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{2FE591A5-7CB1-49F7-9579-2824332C5348}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{22A3C879-BC59-4666-83F1-7808C96F9EF8}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F8289EC6-A62B-4ADE-9F72-9B9998B9935B}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F4F1EEC7-921D-49DF-881E-D03884682403}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B0C89A03-1A45-4A7C-B74B-FCDD30F93AC1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{FD9CA79E-5264-47CD-917D-F3404ECB250D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3B1481AE-0E70-422E-AA5F-2ED063537FCD}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{908264EC-87F2-4B77-8925-D7EB27CFBBCA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{030B5439-52B9-4524-9D51-EB651CAEECE3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{445DF67C-6E08-4A14-A2AF-4FC3C7A0450B}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4B4CFEC6-6EEA-4FE0-BB8B-B15C2D8A0195}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{C481DE85-FE7A-4F5A-B4E9-14EB0E446310}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{531917A9-C251-4254-B7EF-FEE7EEFD6B91}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{37B784AF-CE46-4936-B498-4537434FC148}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{BB4846C5-8ED8-4CD5-BD80-6A255E014046}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D469F8A-4AB0-42BD-879B-E75C129E23D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5F003D9-946A-4C3A-AC26-37E5B24EB9A0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7978713E-1E2A-4819-A564-6CBEFECA2728}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E85D831B-454E-4AF8-A56E-8FB604D44683}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18855A1B-1FAC-4E47-A455-671C131F5719}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{910109BB-D859-4850-B98D-33E6CA5595BE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BE33889E-476C-40A7-BBAC-969309DC26B7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{36582B7E-F387-4B63-A8A8-964044E30756}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{21633CA8-0ED4-407A-BECE-4EB8517FF1ED}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{37AC8EDE-EA5C-4B0D-A7D0-97E93D3F6FC8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{B5DAB2F9-58C2-40BD-96DB-0B87B008511E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{DAF8E89B-D802-406E-960A-EC42D91862A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B9CD4850-F020-499D-BFB7-4CD01235FCCB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4F2BDCF0-7014-4AEA-B6CE-9AF999379DFD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{62FC7A3C-47D1-4A40-830B-DFFA5692FA82}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{62C9366D-7C1E-498A-A1A5-A7FF6BFF32CA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{84829FE3-3CE6-42D9-91CD-EB5E60EFCF38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4455578-FAF4-4DA4-AE3D-532F67DC4672}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CEFB95F2-014F-4B79-AE6D-0E45ACC5FA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{78C1ED57-F3B0-4E44-ACCD-727805850AE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{93CAD9BB-8D91-4A7A-B312-82AF37D03AF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E774B5D9-8750-453E-B3AD-F5434FE4B436}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8539601F-14CB-40A0-8B3E-09657C8E2D0C}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{C0D866D7-6DDE-4109-B856-6626A3ED190E}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
 
==================== Restore Points =========================
 
30-01-2017 13:50:12 Scheduled Checkpoint
07-02-2017 12:23:38 Installed Rapport
14-02-2017 12:42:01 Scheduled Checkpoint
15-02-2017 11:38:43 Revo Uninstaller's restore point - Advanced Monitoring Agent Network Management
15-02-2017 11:46:56 Revo Uninstaller's restore point - Adobe Photoshop CS5.1
15-02-2017 11:57:24 Revo Uninstaller's restore point - Ask Toolbar Updater
15-02-2017 11:59:03 Revo Uninstaller's restore point - Java 8 Update 111
15-02-2017 11:59:28 Removed Java 8 Update 111
15-02-2017 12:00:51 Revo Uninstaller's restore point - Java 8 Update 91
15-02-2017 12:09:29 Revo Uninstaller's restore point - Managed Antivirus
15-02-2017 12:10:15 Removed Managed Antivirus.
15-02-2017 12:13:15 Revo Uninstaller's restore point - PDF Writer Packages
15-02-2017 12:14:37 Revo Uninstaller's restore point - VideoPlayer v2.0.6
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2017 02:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 15.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1e88
 
Start Time: 01d28785cff3acc6
 
Termination Time: 4294967295
 
Application Path: C:\Users\Ron\Desktop\FRST64.exe
 
Report Id: 57496e08-f38a-11e6-b0d8-902b3430969c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/15/2017 12:16:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ron\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
 
Error: (02/15/2017 12:14:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 12:13:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 12:10:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 12:09:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 12:00:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 11:59:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 11:59:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/15/2017 11:57:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (02/15/2017 12:30:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.235.2880.0).
 
Error: (02/15/2017 12:21:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Message Queuing service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (02/15/2017 12:20:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Definition Update for Windows Defender - KB2267602 (Definition 1.235.2880.0).
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Managed Antivirus service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GFI LanGuard 11 Attendant Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/15/2017 12:19:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Advanced Monitoring Agent Network Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-15 12:14:38.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:31.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-31 04:20:39.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-31 03:42:29.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-30 16:06:55.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-27 13:21:25.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 18%
Total physical RAM: 16346.09 MB
Available physical RAM: 13308.36 MB
Total Virtual: 32730.09 MB
Available Virtual: 29437.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.97 GB) (Free:811.22 GB) NTFS
Drive f: (Second Drive) (Fixed) (Total:232.88 GB) (Free:158.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: FA85FEBC)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D9E0F84)
Partition 1: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 01
Ran by Ron (administrator) on RONSNO2 (15-02-2017 14:24:28)
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available Profiles: Ron & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
Failed to access process -> SecurityCheck.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-11-08] (Bitleader)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-17] (ABBYY)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Users\Ron\PaperPort\pptd40nt.exe [36168 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Users\Ron\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Users\Ron\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Users\Ron\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Users\Ron\PDFCreate\pdfcreate7hook.exe [605512 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Users\Ron\PDFCreate\RegistryController.exe [140616 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Scheduling Agent] => C:\Program Files (x86)\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe [1730086 2007-04-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [OneDrive] => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1517280 2017-02-07] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk [2016-12-05]
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 212.159.6.9
Tcpip\..\Interfaces\{b13c0eed-3d81-4b48-9724-2530b5c23389}: [DhcpNameServer] 212.159.6.10 212.159.6.9
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtDzyyCzy0CyD0DtDyCtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2119043354&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Users\Ron\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Users\Ron\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
S2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
S2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-17] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\lnssatt.exe [167024 2015-01-30] (GFI Software Development Ltd.)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [281240 2016-09-07] (LogicNow Ltd)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 PDFProFiltSrvPP; C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
S2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "C:\Users\Ron\Desktop\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ComproHID; C:\WINDOWS\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2017-02-10] (GFI Software)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1558528 2013-03-26] (Creative Technology Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-15 14:24 - 2017-02-15 14:24 - 00027543 _____ C:\Users\Ron\Desktop\FRST.txt
2017-02-15 12:19 - 2017-02-15 14:24 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion
2017-02-15 12:19 - 2017-02-15 12:20 - 00007202 _____ C:\Users\Ron\Desktop\Fixlog.txt
2017-02-15 12:19 - 2017-02-15 12:19 - 00006747 _____ C:\Users\Ron\Desktop\fixlist.txt
2017-02-15 12:18 - 2017-02-15 12:18 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Managed Antivirus
2017-02-15 12:18 - 2017-02-15 12:18 - 00000000 ____D C:\ProgramData\Managed Antivirus
2017-02-15 11:47 - 2017-02-15 12:20 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2017-02-15 11:47 - 2017-02-15 11:47 - 00000000 ____D C:\Program Files\Advanced Monitoring Agent Network Management
2017-02-15 11:36 - 2017-02-15 11:36 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-15 11:26 - 2017-02-15 11:36 - 07097928 _____ (VS Revo Group ) C:\Users\Ron\Desktop\revosetup.exe
2017-02-14 11:59 - 2017-02-14 11:59 - 00000000 ___HD C:\OneDriveTemp
2017-02-13 15:39 - 2017-02-15 12:19 - 00000000 ____D C:\FRST
2017-02-13 12:35 - 2017-02-13 12:35 - 00480194 _____ C:\Users\Ron\Documents\Emailing_ Ron Green_jpg.eml
2017-02-13 12:00 - 2017-02-15 14:24 - 02422272 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2017-02-09 17:05 - 2017-02-09 17:06 - 04188767 _____ C:\Users\Ron\Downloads\yeeveo.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04188767 _____ C:\Users\Ron\Downloads\aya6ds.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04151468 _____ C:\Users\Ron\Downloads\9spmmi.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04130886 _____ C:\Users\Ron\Downloads\s9q2ta.webm
2017-02-09 16:37 - 2017-02-13 15:29 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2017-02-09 15:52 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 15:51 - 2017-02-09 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 15:51 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 15:51 - 2016-12-29 12:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 15:51 - 2016-12-29 12:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 15:51 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 15:50 - 2017-02-09 15:52 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-07 12:50 - 2017-02-07 12:50 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-07 12:48 - 2017-02-07 12:48 - 12922384 _____ (TeamViewer GmbH) C:\Users\Ron\Downloads\TeamViewer_Setup_en (2).exe
2017-02-02 15:29 - 2017-02-02 15:29 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-02 15:29 - 2017-02-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-02 15:28 - 2017-02-02 15:29 - 00000000 ____D C:\Program Files\iTunes
2017-02-02 15:28 - 2017-02-02 15:28 - 00000000 ____D C:\Program Files\iPod
2017-02-02 15:23 - 2017-02-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-30 15:44 - 2016-12-21 09:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-30 15:44 - 2016-12-21 09:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-30 15:44 - 2016-12-21 08:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-30 15:44 - 2016-12-21 07:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-30 15:44 - 2016-12-21 06:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-30 15:44 - 2016-12-21 05:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 05:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-30 15:44 - 2016-12-21 05:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 04:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-30 15:44 - 2016-10-25 06:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-17 12:19 - 2017-01-17 12:19 - 00537031 _____ C:\Users\Ron\Documents\IMG_20170117_0002.pdf
2017-01-17 11:56 - 2017-01-17 11:56 - 00542831 _____ C:\Users\Ron\Documents\IMG_20170117_0001.pdf
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 9000F Mark II
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 9000F Mark II Manual
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-15 14:20 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-15 12:55 - 2013-09-21 08:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 12:46 - 2014-07-16 23:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B609F37-7F1E-472C-A515-E682AE2180A1}
2017-02-15 12:44 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-15 12:20 - 2016-05-28 14:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-15 12:19 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-15 12:19 - 2016-01-28 15:11 - 00000000 ___RD C:\Users\Ron\OneDrive
2017-02-15 12:11 - 2014-07-21 03:40 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Sunbelt
2017-02-15 12:09 - 2014-10-15 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-15 12:00 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-15 11:57 - 2012-09-12 21:17 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Adobe
2017-02-15 11:55 - 2012-09-12 20:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-15 11:55 - 2012-09-12 13:58 - 00000000 ____D C:\ProgramData\Adobe
2017-02-15 11:27 - 2016-12-06 14:08 - 00000000 ____D C:\WINDOWS\Patches
2017-02-15 11:22 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 11:20 - 2014-06-25 13:09 - 00000000 ____D C:\Users\Ron\AppData\Local\Adobe
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 12:09 - 2016-01-29 11:02 - 00000000 ____D C:\Users\Ron\Documents\Outlook Files
2017-02-14 12:05 - 2016-01-29 12:04 - 00000000 ____D C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod
2017-02-14 11:59 - 2016-01-29 12:04 - 00000000 ___RD C:\Users\Ron\iCloudDrive
2017-02-14 11:58 - 2016-03-22 15:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 11:58 - 2013-06-04 13:36 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-02-13 15:41 - 2016-02-04 23:26 - 01026508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 15:41 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 15:29 - 2016-05-26 14:45 - 00000000 ____D C:\Users\Ron\AppData\Roaming\.oit
2017-02-13 15:28 - 2016-05-26 14:44 - 00000000 ____D C:\ProgramData\Nuance
2017-02-13 15:27 - 2012-11-08 00:50 - 00000000 ____D C:\ProgramData\Temp
2017-02-13 11:17 - 2016-12-06 10:19 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Adblock Plus for IE
2017-02-10 16:38 - 2016-12-06 10:34 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2017-02-09 16:35 - 2013-05-23 10:49 - 00000000 ____D C:\Users\Ron\Documents\ALL SERIAL NUMBERS
2017-02-09 15:52 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 15:52 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 15:52 - 2012-09-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 15:51 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 14:45 - 2016-02-04 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-09 14:45 - 2016-02-04 23:38 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2017-02-09 14:45 - 2016-02-04 23:18 - 04916864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-09 14:44 - 2016-02-04 23:26 - 00000000 ____D C:\Users\UpdatusUser
2017-02-09 14:44 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-09 14:34 - 2016-02-07 12:17 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-09 14:34 - 2012-09-12 20:13 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 16:34 - 2016-02-04 23:26 - 00000000 ____D C:\Users\Ron
2017-02-07 12:29 - 2016-02-05 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 12:24 - 2013-08-31 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-02-07 11:49 - 2016-12-06 14:04 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 11:49 - 2016-02-04 23:52 - 00002394 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-05 17:38 - 2012-12-19 13:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-02 16:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-02 15:28 - 2016-01-29 11:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-01 15:56 - 2013-11-02 14:49 - 00000000 ____D C:\SoloApp
2017-01-31 03:32 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-30 15:51 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 15:51 - 2013-08-17 08:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-30 15:48 - 2012-09-12 18:39 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-30 15:18 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-22 19:09 - 2015-06-12 20:59 - 00250728 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2017-01-22 19:09 - 2012-11-12 14:32 - 00504456 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2017-01-20 14:44 - 2015-11-09 15:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 11:57 - 2016-07-10 15:59 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2017-01-17 11:55 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2017-01-17 11:55 - 2015-10-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-17 11:55 - 2012-12-19 13:20 - 00000000 ____D C:\Program Files (x86)\Canon
2017-01-17 11:53 - 2016-03-17 10:00 - 00002451 _____ C:\Users\Public\Desktop\Canon CanoScan 9000F II On-screen Manual.lnk
2017-01-17 11:10 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 11:08 - 2012-09-12 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 11:03 - 2015-02-03 16:09 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-01-01 18:29 - 2014-10-17 12:38 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-09-18 13:47 - 2012-09-18 13:49 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-09-18 15:01 - 2016-06-16 14:49 - 0002268 _____ () C:\Users\Ron\AppData\Roaming\MTScdAgt.dat
2013-07-28 16:21 - 2014-05-30 22:13 - 0000138 _____ () C:\Users\Ron\AppData\Roaming\WB.CFG
2013-06-17 14:21 - 2013-11-02 14:38 - 0000006 _____ () C:\Users\Ron\AppData\Roaming\WBPU-TTL.DAT
2013-07-24 13:38 - 2013-07-24 13:38 - 145394418 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload
2013-07-24 13:38 - 2013-07-24 13:38 - 0001811 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload.aamd
2014-05-01 11:53 - 2014-05-01 11:53 - 169928142 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-05-01 11:53 - 2014-05-01 11:53 - 0002071 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2013-01-02 22:37 - 2014-10-17 11:19 - 0010752 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-12 13:57 - 2012-09-12 13:57 - 0000091 _____ () C:\Users\Ron\AppData\Local\fusioncache.dat
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007168 _____ () C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp
2014-09-17 16:19 - 2009-11-17 07:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2014-09-17 16:19 - 2013-03-26 04:54 - 0002844 _____ () C:\ProgramData\CfSB1240A.ini
 
Files to move or delete:
====================
C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
 
 
Some files in TEMP:
====================
2016-12-26 17:16 - 2016-09-07 05:39 - 0620176 _____ (Microsoft Corporation) C:\Users\Ron\AppData\Local\Temp\kernel32.dll
2017-01-17 11:51 - 2012-03-16 13:51 - 0864368 ____N (CANON INC.) C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE
2017-02-07 12:04 - 2017-02-07 12:18 - 1778472 _____ () C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 12:39
 
==================== End of FRST.txt ============================


#14 satchfan


Posted 15 February 2017 - 09:53 AM

Either you didn't follow the instructions for the FRST 'fix' or your fixlog.txt is incomplete.

 

Also, some programs have not been uninstalled. If you did do the fix correctly, please include the full fixlog.txt.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 TimB48


Posted 15 February 2017 - 10:28 AM

When I ran the fix, the progress bar continued for more than 2 hours, although the fixlog.txt was produced after only 5 minutes or so. As I did not know how long the fix might take, I left it running but ended up stopping it via Task Manager as it had become unresponsive. Should I try re-running the fix or not? There were a couple of programs that Revo could not uninstall (by using the progs' own uninstall routine). All I did with those was delete any leftover registry entries etc. using Revo. I did not go back into settings/apps to check if they were still showing there. Also, I did not reboot before running the fix. Not sure if I should have or not.





