

Sluggish PC


  • This topic is locked
43 replies to this topic

#16 satchfan

satchfan

  • Malware Response Team
  • 2,800 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:11 PM

Posted 15 February 2017 - 10:37 AM

I think maybe the security programmes may be affecting things.

 

Could you please try following all the instructions again in safe mode (including Revo) and let me know how that goes.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.



 


#17 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 15 February 2017 - 10:55 AM

OK will do.



#18 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 16 February 2017 - 09:31 AM

I have rerun Revo and FRST in safe mode. Prior to that both advanced monitoring agent and managed AV did not appear to have been uninstalled. When trying to remove managed AV a dialogue box came up: "error opening installation file. Verify that the specified log file location exists and is writeable". Both apps appear to have gone now. Here is today's fixlog.txt. No new frst.txt or addition.txt files have been produced today.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Ron (16-02-2017 14:14:00) Run:2
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron & UpdatusUser &  (Available Profiles: Ron & UpdatusUser)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2022913626-2766758768-741264458-1003] => Proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtDzyyCzy0CyD0DtDyCtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2119043354&ir=
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> {A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> DefaultScope {078E3EC5-40A1-9944-9069-40FB647AC928} URL =
SearchScopes: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> {86DFF96B-C809-43E3-9861-4B6BD83EED2C} URL = hxxp://www.flickr.com/search/?q={searchTerms}
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 HitmanPro37CrusaderBoot; "C:\Users\Ron\Desktop\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S3 scan; C:\Program Files (x86)\iYogi\TechGenie\scan.dll [X] <==== ATTENTION
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-05-31] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2017-02-11 16:08 - 2016-01-29 12:04 - 00000000 ____D C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp
2014-12-18 15:31 - 2013-01-14 16:34 - 0007680 _____ () C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp
2014-12-18 16:16 - 2013-01-14 16:34 - 0007168 _____ () C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp
Task: {00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {02BFF7A6-9B59-46A9-9E82-2E9D91785294} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19842236-D45B-4A61-8C2D-8974F1356886} - System32\Tasks\4484 => Wscript.exe C:\Users\Ron\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {23224B54-1EC5-4DF2-84E1-4E5804959640} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {26C5CAAD-6394-4EBA-895F-EA6C519C20A6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe  <==== ATTENTION
Task: {284E2F6B-0BD9-439A-BE49-824395A13496} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30FFBC21-4308-4B35-8CDB-C6497047F3A5} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {73B00244-B9E4-42B2-9921-45C5032158B0} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {802A147A-8A5A-46DE-ACD9-C473929FC71F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9B0DA976-3ED0-4F29-A893-00F0FBAADC31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AB313BA1-F9FA-4970-9508-16B07B32A2F0} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {AC584293-11A6-48EB-9D5C-7286FA79B784} - \BrowserSafeguard -> No File <==== ATTENTION
Task: {B874FA52-7577-499B-991F-0DFACA7D1F09} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C27B9EDA-37F1-4C25-A7C9-17B460CD6077} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C8E038E5-BCDD-49E0-9D38-44CF11B36962} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {EF56D041-A656-431F-8078-9F76774DA14A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FEB96025-7869-4D92-A325-27D819CD01D8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{635C69AD-C337-4538-AF3E-1646141956B2}.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [131]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\driversupport.com -> hxxps://apps.driversupport.com
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
C:\WINDOWS\System32\DRIVERS\SWDUMon.sys
C:\Users\Ron\AppData\Local\Temp\kernel32.dll
C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
RemoveProxy:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} => key removed successfully
HKCR\CLSID\{7F95CAF9-7AE4-4BDC-9049-C8ECBFDD791E} => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} => key removed successfully
HKCR\CLSID\{A5CC386B-5E2C-4BB6-987B-3F83BA73B5C2} => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86DFF96B-C809-43E3-9861-4B6BD83EED2C} => key removed successfully
HKCR\CLSID\{86DFF96B-C809-43E3-9861-4B6BD83EED2C} => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\System\CurrentControlSet\Services\HitmanPro37CrusaderBoot => key removed successfully
HitmanPro37CrusaderBoot => service removed successfully
HKLM\System\CurrentControlSet\Services\scan => key removed successfully
scan => service removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully
C:\Users\Ron\AppData\Local\D257AB91-2D8E-449C-A50F-912B05C0550B.aplzod => moved successfully
C:\Users\Ron\AppData\Local\Z@!-2da6ce39-a06e-4212-8bdb-b8dbdece5b93.tmp => moved successfully
C:\Users\Ron\AppData\Local\Z@!-b68f2c6f-74c7-4781-9985-185b0f541c8d.tmp => moved successfully
C:\Users\Ron\AppData\Local\Z@!-f6b9e1be-554e-4641-801f-9d2493a42229.tmp => moved successfully
C:\Users\Ron\AppData\Local\Z@S!-b3a61a74-a904-4315-83e8-11f28febbc72.tmp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00DC13BD-5C84-466D-A7EF-EEEB67B5C08D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02BFF7A6-9B59-46A9-9E82-2E9D91785294} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02BFF7A6-9B59-46A9-9E82-2E9D91785294} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19842236-D45B-4A61-8C2D-8974F1356886} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19842236-D45B-4A61-8C2D-8974F1356886} => key removed successfully
C:\WINDOWS\System32\Tasks\4484 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4484 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E0FA52-D42A-4FC6-8C44-94BBCC89A5F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23224B54-1EC5-4DF2-84E1-4E5804959640} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23224B54-1EC5-4DF2-84E1-4E5804959640} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26C5CAAD-6394-4EBA-895F-EA6C519C20A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C5CAAD-6394-4EBA-895F-EA6C519C20A6} => key removed successfully
C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{284E2F6B-0BD9-439A-BE49-824395A13496} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{284E2F6B-0BD9-439A-BE49-824395A13496} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30FFBC21-4308-4B35-8CDB-C6497047F3A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FFBC21-4308-4B35-8CDB-C6497047F3A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB8894E-9F05-4090-9DCD-D98EAB07BFA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B00244-B9E4-42B2-9921-45C5032158B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B00244-B9E4-42B2-9921-45C5032158B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFBD763-99F7-48BB-BB65-9DA6F9553C9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DBCAAE3-4EA5-4755-AA40-B177AD9EAB87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{802A147A-8A5A-46DE-ACD9-C473929FC71F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{802A147A-8A5A-46DE-ACD9-C473929FC71F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B0DA976-3ED0-4F29-A893-00F0FBAADC31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B0DA976-3ED0-4F29-A893-00F0FBAADC31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AB313BA1-F9FA-4970-9508-16B07B32A2F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB313BA1-F9FA-4970-9508-16B07B32A2F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC584293-11A6-48EB-9D5C-7286FA79B784} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC584293-11A6-48EB-9D5C-7286FA79B784} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B874FA52-7577-499B-991F-0DFACA7D1F09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B874FA52-7577-499B-991F-0DFACA7D1F09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEE5BCEF-5B32-40F2-ACB1-0A53FF1B2D31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C27B9EDA-37F1-4C25-A7C9-17B460CD6077} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27B9EDA-37F1-4C25-A7C9-17B460CD6077} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8E038E5-BCDD-49E0-9D38-44CF11B36962} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8E038E5-BCDD-49E0-9D38-44CF11B36962} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF56D041-A656-431F-8078-9F76774DA14A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF56D041-A656-431F-8078-9F76774DA14A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEB96025-7869-4D92-A325-27D819CD01D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEB96025-7869-4D92-A325-27D819CD01D8} => key removed successfully
C:\WINDOWS\System32\Tasks\0 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => key removed successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":FD9CE1F3" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => key removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Classes\.exe => key removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe => key not found. 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.co.uk => key removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}\\SystemComponent => value removed successfully
C:\WINDOWS\System32\DRIVERS\SWDUMon.sys => moved successfully
C:\Users\Ron\AppData\Local\Temp\kernel32.dll => moved successfully
C:\Users\Ron\AppData\Local\Temp\MSETUP4.EXE => moved successfully
C:\Users\Ron\AppData\Local\Temp\{77A17922-8A9E-4A4A-946A-1E9EFFD3770A}-56.0.2924.87_55.0.2883.87_chrome_updater.exe => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115695709 B
Java, Flash, Steam htmlcache => 18753 B
Windows/system/drivers => 23697217 B
Edge => 350619259 B
Chrome => 159847958 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 159468 B
NetworkService => 22138506 B
Ron => 1762782643 B
UpdatusUser => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 499882282 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:15:02 ====


#19 satchfan

satchfan

  • Malware Response Team
  • 2,800 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:11 PM

Posted 16 February 2017 - 10:06 AM

That went well but there's more to be done so I'll need another look to see how things are and what's left.

 

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

 

Logs to include with next post:

 

New Frst.txt

New Addition.txt

 

Thanks

 

Satchfan




#20 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 16 February 2017 - 10:45 AM

Here are files for latest scan.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Ron (16-02-2017 15:41:19)
Running from C:\Users\Ron\Desktop
Windows 10 Pro Version 1511 (X64) (2016-02-04 23:46:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2022913626-2766758768-741264458-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2022913626-2766758768-741264458-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2022913626-2766758768-741264458-503 - Limited - Disabled)
Guest (S-1-5-21-2022913626-2766758768-741264458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2022913626-2766758768-741264458-1005 - Limited - Enabled)
Ron (S-1-5-21-2022913626-2766758768-741264458-1000 - Administrator - Enabled) => C:\Users\Ron
UpdatusUser (S-1-5-21-2022913626-2766758768-741264458-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Managed Antivirus Managed Antivirus (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Managed Antivirus Managed Antivirus (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.136 - ABBYY)
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.162.55015 - ABBYY)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon iP3500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series) (Version:  - )
Canon iP3500 series User Registration (HKLM-x32\...\Canon iP3500 series User Registration) (Version:  - )
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.‎)
Canon iP8700 series On-screen Manual (HKLM-x32\...\Canon iP8700 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon iP8700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP8700_series) (Version:  - Canon Inc.)
Canon iP8700 series User Registration (HKLM-x32\...\Canon iP8700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Creative Audio Pack (HKLM-x32\...\Creative Audio Pack) (Version:  - )
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
GFI LanGuard 11 Agent (x32 Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Package Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1804.81 - Trusteer) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Scansoft PDF Create (x32 Version:  - ) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.02.12110 - Sony Corporation)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer)
Ulead Straight-to-Disc SDK (HKLM-x32\...\{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}) (Version: 3.5 - )
Ultimate Reference Suite (HKLM-x32\...\Ultimate Reference Suite) (Version: 2012.0.0.0 - Encyclopaedia Britannica, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Sound Blaster HD (HKLM-x32\...\{3BE06146-8ADC-47D7-9AD5-E5CABF1FF90C}) (Version: 1.0 - Creative Technology Limited)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Migration Assistant (HKLM-x32\...\{D8BC400A-9D14-468B-A674-1D76A987AAFC}) (Version: 1.0.1.3 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2022913626-2766758768-741264458-1000_Classes\CLSID\{03E88EFD-E7E0-AD3D-5094-B211A02E169B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02FB6C75-1ECD-4A75-8FEF-A1FA71D55AFB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {043B149E-2A68-47E3-919C-AFAD2EF791CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {0AB2B1E4-7D97-4003-A448-DC7197A2C35A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {1A9449A9-D24E-438B-90B5-79ACD39D29F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {217A115F-E56D-46D8-BA93-8679C3D6CF07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {279D2E50-AF6F-42CF-B7FB-360CB2506F66} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {28A26D1F-D868-43DC-B393-CEB8346B1BCE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe 
Task: {2A40B456-4777-40CE-A6C2-990938ACB33B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {2F94F563-8B0B-4070-88EF-AD16CD97AF0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {309E63AB-C428-4A92-AC23-F38649ECE53F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {30CA5E66-7ED2-4D1A-B71C-EAD2E38B2464} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {36E4D18E-6813-4C63-A3B3-13D28880003A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3F244821-98B6-431D-A5BE-6A031CD40497} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {41E14234-D002-4E8D-903A-FF13B8D97C08} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {44F80265-1D24-4C3D-89BC-8DDC8FD31D15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45E60FA5-1B9B-45C5-8CC1-FA8218D23BFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4BA09583-FC4F-422F-B0F9-F3AC6F3100CC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5F2DE7E8-3752-4ED4-8846-6A0EEA8BB52A} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {60522D17-AA4B-44E8-BC98-4D17A83D6DBF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {683027FD-8A7D-4F41-918F-F3C9A7539899} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6E4E1EE2-9027-4E29-80F9-3BDFA4EF4BCB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8517BF08-06D4-4856-A042-1FDD216FB991} - System32\Tasks\{295FE63D-83AF-4F70-8684-11975BFC9EF5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -c UNINSTALL /l0x0009
Task: {8EE0E165-8049-4FD9-9E71-39165C0F9AFE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8FF20BAB-A60A-41AA-BFDA-F468D198F595} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A21D9072-8368-4339-86A7-86A2142B0C0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {AA166754-F86D-428F-BD49-E23F48464692} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {AABF8971-34A8-45A3-B754-B2C9351D2909} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B1569056-1190-46A5-9057-D6C89DBA2637} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B9128E5D-B944-4C22-AED7-F6AC19E9C4B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {BB8DB4CD-E36F-4E4C-9663-EC535DF3E631} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {BBB6D74F-92D3-4805-9468-4047270E0DF8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {C0F585CF-EBE1-496C-848F-4C6E693E9027} - System32\Tasks\QtraxPlayer => "C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 3859010362.portal.qtrax.com
Task: {C2FC4D06-DC03-453B-AB7C-D5869E1700EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C57FA6E8-C4CB-4B8C-AE60-21E71A967AE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {CA953812-973D-4EC6-93B3-5F672B2D01E8} - System32\Tasks\{F8BC2B27-B5EA-44FE-93B2-628451DA0C04} => C:\Program Files (x86)\Pinnacle\MediaCenter\PMC.exe 
Task: {CEF995FE-8FC9-49F5-96DC-5771690B01A4} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe 
Task: {D24E6C8C-5C9C-4EA7-A35B-2BBD8DF0447C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D765A4E2-F5E6-4B85-AD16-2011129C57DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {D9355858-8F97-4636-AE75-AAF71B5791F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {E92F428F-97F6-4BA4-BE04-417D489A1B5C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EEE01588-3C26-4ABA-9E62-AC37F7A5DDC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {F1D70436-CEB0-4AE3-8098-EF92E1803F85} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {FB548BEB-31F6-487F-8D85-C71FD24EF4CD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FD5BA760-0CB7-47E9-BC8C-E3FC3F12FFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FDC8FB0F-67D6-4F9A-AD7D-983FE26DE3BB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-04 23:23 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-29 10:21 - 2011-10-04 21:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-19 13:26 - 2012-03-28 12:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-11-08 01:16 - 2009-07-02 14:02 - 00244904 ____R () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 16:09 - 2016-12-28 17:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-05 07:12 - 2016-02-05 07:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 16:08 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-10 15:12 - 2016-10-25 04:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 15:12 - 2016-10-25 04:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 15:12 - 2016-10-25 04:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 15:12 - 2016-10-25 04:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-17 16:20 - 2013-01-25 10:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-09-17 16:20 - 2013-01-25 10:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-12-06 11:13 - 2015-08-03 09:39 - 00292352 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
2015-01-30 11:23 - 2015-01-30 11:23 - 00434288 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\apistrings.dll
2015-01-30 11:26 - 2015-01-30 11:26 - 00128624 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\httpserverattplugin.dll
2015-01-30 11:29 - 2015-04-16 11:31 - 00325744 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\patchautodownload.dll
2015-02-03 13:18 - 2015-02-03 13:18 - 00407664 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\modlop.dll
2015-01-30 11:30 - 2015-01-30 11:30 - 00241776 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\scanmngsys.dll
2015-01-30 11:31 - 2015-01-30 11:31 - 00064624 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\schedcompactdb.dll
2015-01-30 11:31 - 2015-01-30 11:31 - 00089200 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\schedupdates.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2017-02-16 14:26 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libBase64.dll
2017-02-16 14:26 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libMachoUniv.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2017-02-16 14:14 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 212.159.6.10 - 212.159.6.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM\...\StartupApproved\Run: => "VX6000"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "UCam_Menu"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SBAMTray"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\StartupFolder: => "Picture Motion Browser Media Check Tool.lnk"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "Sidebar"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9BD4909F-24D9-4C8E-8D22-9CCF47595340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20FC35BC-CAF1-47DF-B25C-098A700FF953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC9B8AE2-E726-4843-AE9E-FE7060017AC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B65B012-B361-4BFC-A2C9-3E3581CDB033}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D247807-FABE-45E3-B563-0C2AE2A74055}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3EC7B904-ED40-49A7-8E39-8B313BD4D838}] => (Allow) C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{BE416981-0CE4-4043-8D48-4662C16092E0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D8D583C3-8A15-41FA-B9A7-1A8973DCADBB}] => (Allow) LPort=1900
FirewallRules: [{175A0502-FADE-4AF1-9053-74E1FB89C6D2}] => (Allow) LPort=2869
FirewallRules: [{EB5693F4-0BD1-44E6-AB0A-D634FF951CC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F957BB7E-3E06-482A-BACF-AE9575168B41}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{B94205CF-B696-4156-BD0A-903DB79FF234}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{2892FF94-4615-4433-8CC2-C0A392113E11}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{4443AD46-DCB2-492F-B420-A036629E07A6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{3B3B7B83-20C9-4AA8-82C3-ABA6A9EB308A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FA26414-EAB2-4325-875E-9FBF58055B82}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{D8BBB845-CC30-4B49-B97A-AA2634D15BC0}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B7AA72A0-ED38-42EE-8956-A6EB3779FB30}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F5BB2328-8F45-4F39-9166-6B4EEF34BF6D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{BC4553C3-41F0-4FA9-9ACE-FEA7E09F0D73}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{79D97064-E7AB-4A3C-8D68-AFE2A34C5231}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0C411C81-A177-42B7-94FE-32EB8D8E1286}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{02E33348-AD4F-44F0-B75C-D79C26C84F2D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{315CBF37-EC0E-4BF8-B6A6-9C3A02AC177D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FE99C76-8EE9-4FF1-85E4-4282374CCD54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{610F2580-9C4D-40A2-ABBF-2EAEF78F25FA}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{69F8F007-AC78-4C1F-853A-C9C852C69491}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{A0529077-12AC-477A-8C21-E7C92EDAAB22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5C530356-5B37-48E3-8636-6E109C0F337D}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{E324B950-A95E-4EDA-9226-2F817F536269}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDB9ACE5-9DD5-40D8-AA48-3A88C879DAB3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F0486B44-8228-4382-9C3D-B880221191E7}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{92F49293-F980-402A-B044-64EEC7DE5BB6}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DB58C52C-0DDB-4D69-B120-42AB1D1BDED4}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DC6DBC9A-59E4-4639-87EF-E1760896CB4F}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6FD1A278-6190-48A1-94B7-D7B77B168A40}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6384B0EB-9D50-47E0-A999-7B0B542705B9}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{725DBE58-1498-41CA-8A07-85EEAE37A333}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{89B07B68-8936-44B4-AD55-7658A71FC386}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{5EDFC566-8163-4FC0-BA23-A83DDE7B43DE}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4AD9BFF6-25C1-4D46-AE17-9C1E58352EFE}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2D5C5976-C29E-4E44-973C-539F75C64929}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{ED15F2BC-ADDD-414F-8C18-7634BBC5E740}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5F6DDE4C-0003-4262-A6BB-1478B1B13BDE}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{ABD0193D-E97B-4040-A89E-7F570F9F36B5}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{870A4AE2-43BD-4AD2-B578-F0AF541189C8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{875AD864-2061-443D-801E-5C05C501B47A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{415F67D1-3A06-4A49-8C47-E14CEB86E684}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{83ECD8B1-92E3-4A44-8907-726AE755F3D3}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{A910B961-DCAD-4309-B75D-BA2E99CD8680}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{BD1E2314-6988-43AE-A436-978B0ED9260E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{144A064E-F596-4F8B-BF78-552B5CABC596}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3F9CC656-7B5D-44C2-B0CC-E2F578692ABA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E94D564-AF2F-43BB-B18F-4368918964E8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0A4B9F03-AFB0-4634-B3C3-0927371A9279}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{10D1E358-3505-47BD-81F3-28ABA17C934E}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{1D74395D-C7E4-4344-97DF-09713A368389}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{9BF3AA74-29E7-46B7-A07C-5884C0795A22}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{FAF947DA-FA60-4677-B8A4-2C6FABC52134}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{03F1D274-A2F7-4A9D-8D51-7488DAE1969A}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{15B2C5FD-0684-45D3-9F15-3B5A8256AE84}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{5AFB9D2E-8463-487F-B42C-A42C4897E8A2}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{AC3D92E9-5DC2-4205-93C6-BB0FC16940DB}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{7F0E26E7-7E70-4656-91BC-B58DC1DCDA72}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{98B80692-5113-416D-949F-F3F672618A54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2F23CCC6-752C-4D8E-8C8F-D2804F28B588}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{E5A7EC4C-975A-4A54-BE8C-EAAFFB0C63E1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{102EFEA1-9DE0-4911-ACDE-376A4FD41B9B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{44F5D863-4B63-47EB-9DED-591D2E348B1C}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{F95A99BE-CAB1-47D8-B757-B43001D63E99}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDA876D0-30EB-4075-A24B-F774BB812EA1}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{24C7AEA6-1C8B-4FC9-8FFD-257AD1C3CECD}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{AB9CCF25-41B8-4519-897B-3BD190DB7603}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{4919359F-D487-457A-9901-29D1F63F816C}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BB1FF51-D853-4C79-B0A5-20806C76314C}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3DADD89B-6589-42DD-B649-956B88391A22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{22444B0E-C248-45B7-8FB0-019851D9939F}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{DF7BD435-F792-4208-A8EE-254E1A765E12}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{09F0AFA2-3E5C-4391-98A7-C6C6FA47C24C}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{0D12E8F6-92E0-4198-B0AB-D1721ABE1DFF}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{47FC12F9-61FC-4D80-B12F-136199693BE2}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{89746B22-BDB3-4716-B345-1BE13057FFDF}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{02A7D1B8-2F35-4B3E-AE04-9D6C03F8D815}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{53F51C3D-44D1-45E2-A845-A1720849657E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{84061E6A-2384-4528-89B6-FF3782E5E772}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E6A6B21-ABE7-4224-8557-DBC1474D4C70}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{2FE591A5-7CB1-49F7-9579-2824332C5348}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{22A3C879-BC59-4666-83F1-7808C96F9EF8}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F8289EC6-A62B-4ADE-9F72-9B9998B9935B}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F4F1EEC7-921D-49DF-881E-D03884682403}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B0C89A03-1A45-4A7C-B74B-FCDD30F93AC1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{FD9CA79E-5264-47CD-917D-F3404ECB250D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3B1481AE-0E70-422E-AA5F-2ED063537FCD}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{908264EC-87F2-4B77-8925-D7EB27CFBBCA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{030B5439-52B9-4524-9D51-EB651CAEECE3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{445DF67C-6E08-4A14-A2AF-4FC3C7A0450B}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4B4CFEC6-6EEA-4FE0-BB8B-B15C2D8A0195}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{C481DE85-FE7A-4F5A-B4E9-14EB0E446310}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{531917A9-C251-4254-B7EF-FEE7EEFD6B91}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{37B784AF-CE46-4936-B498-4537434FC148}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{BB4846C5-8ED8-4CD5-BD80-6A255E014046}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D469F8A-4AB0-42BD-879B-E75C129E23D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5F003D9-946A-4C3A-AC26-37E5B24EB9A0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7978713E-1E2A-4819-A564-6CBEFECA2728}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E85D831B-454E-4AF8-A56E-8FB604D44683}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18855A1B-1FAC-4E47-A455-671C131F5719}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{910109BB-D859-4850-B98D-33E6CA5595BE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BE33889E-476C-40A7-BBAC-969309DC26B7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{36582B7E-F387-4B63-A8A8-964044E30756}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{21633CA8-0ED4-407A-BECE-4EB8517FF1ED}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{37AC8EDE-EA5C-4B0D-A7D0-97E93D3F6FC8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{B5DAB2F9-58C2-40BD-96DB-0B87B008511E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{DAF8E89B-D802-406E-960A-EC42D91862A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B9CD4850-F020-499D-BFB7-4CD01235FCCB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4F2BDCF0-7014-4AEA-B6CE-9AF999379DFD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{62FC7A3C-47D1-4A40-830B-DFFA5692FA82}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{62C9366D-7C1E-498A-A1A5-A7FF6BFF32CA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{84829FE3-3CE6-42D9-91CD-EB5E60EFCF38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E774B5D9-8750-453E-B3AD-F5434FE4B436}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8874E9E9-960D-4A59-AEC0-58C00FA45913}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{A5C335B8-EFE7-4028-A7C9-63B04B3EC118}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{5FCB56DF-1B13-4A74-9ECC-2C94005BE00C}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{00A54356-CD78-4F71-AE3B-DA0513455673}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{146486EA-1F7E-4BDC-BA18-DDE01F0B53CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1E682495-DCF9-4F24-814E-3C3EE3DED619}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B56A9F86-B30E-471B-9C68-9BA42AE27522}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8861745E-1460-4356-A2E4-9C6D4B63F484}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{999BB1F1-8913-44C7-9E08-EABC1B6066E0}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{036FDFC3-D1CC-4BB5-B397-FA027FC49F3F}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
 
==================== Restore Points =========================
 
30-01-2017 13:50:12 Scheduled Checkpoint
07-02-2017 12:23:38 Installed Rapport
14-02-2017 12:42:01 Scheduled Checkpoint
15-02-2017 11:38:43 Revo Uninstaller's restore point - Advanced Monitoring Agent Network Management
15-02-2017 11:46:56 Revo Uninstaller's restore point - Adobe Photoshop CS5.1
15-02-2017 11:57:24 Revo Uninstaller's restore point - Ask Toolbar Updater
15-02-2017 11:59:03 Revo Uninstaller's restore point - Java 8 Update 111
15-02-2017 11:59:28 Removed Java 8 Update 111
15-02-2017 12:00:51 Revo Uninstaller's restore point - Java 8 Update 91
15-02-2017 12:09:29 Revo Uninstaller's restore point - Managed Antivirus
15-02-2017 12:10:15 Removed Managed Antivirus.
15-02-2017 12:13:15 Revo Uninstaller's restore point - PDF Writer Packages
15-02-2017 12:14:37 Revo Uninstaller's restore point - VideoPlayer v2.0.6
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2017 02:49:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ron\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
 
Error: (02/16/2017 02:38:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/16/2017 02:12:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/16/2017 02:11:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - TeamViewer 12; Error = 0x8007043c).
 
Error: (02/16/2017 02:10:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/16/2017 01:59:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Managed Antivirus; Error = 0x8007043c).
 
Error: (02/16/2017 01:58:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/16/2017 01:47:54 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1714.The older version of Adobe Refresh Manager cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (02/16/2017 01:46:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CNQMMAIN.EXE version 2.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2364
 
Start Time: 01d2885a89c7ecba
 
Termination Time: 39
 
Application Path: C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
 
Report Id: e8b47dc7-f44d-11e6-b0d9-902b3430969c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/15/2017 04:14:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/16/2017 02:44:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Managed Antivirus service hung on starting.
 
Error: (02/16/2017 02:39:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/16/2017 02:38:06 PM) (Source: DCOM) (EventID: 10010) (User: RONSNO2)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (02/16/2017 02:38:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1f709 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/16/2017 02:38:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1f709 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/16/2017 02:38:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1f709 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/16/2017 02:38:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1f709 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/16/2017 02:19:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Managed Antivirus service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/16/2017 02:16:20 PM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2017 02:16:20 PM) (Source: DCOM) (EventID: 10016) (User: RONSNO2)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user RonsNo2\Ron SID (S-1-5-21-2022913626-2766758768-741264458-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-15 14:37:49.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-15 12:14:38.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:31.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-31 04:20:39.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-31 03:42:29.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-30 16:06:55.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16346.09 MB
Available physical RAM: 12750.52 MB
Total Virtual: 32730.09 MB
Available Virtual: 28813.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.97 GB) (Free:812.08 GB) NTFS
Drive f: (Second Drive) (Fixed) (Total:232.88 GB) (Free:158.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: FA85FEBC)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D9E0F84)
Partition 1: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Ron (administrator) on RONSNO2 (16-02-2017 15:40:03)
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron & UpdatusUser (Available Profiles: Ron & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\lnssatt.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\WINDOWS\System32\ViakaraokeSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Managed Antivirus) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-11-08] (Bitleader)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-17] (ABBYY)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Users\Ron\PaperPort\pptd40nt.exe [36168 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Users\Ron\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Users\Ron\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Users\Ron\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Users\Ron\PDFCreate\pdfcreate7hook.exe [605512 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Users\Ron\PDFCreate\RegistryController.exe [140616 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Scheduling Agent] => C:\Program Files (x86)\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe [1730086 2007-04-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk [2016-12-05]
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 212.159.6.9
Tcpip\..\Interfaces\{b13c0eed-3d81-4b48-9724-2530b5c23389}: [DhcpNameServer] 212.159.6.10 212.159.6.9
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zen.co.uk/
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Users\Ron\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Users\Ron\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-17] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent\patchman\11\lnssatt.exe [167024 2015-01-30] (GFI Software Development Ltd.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [281240 2016-09-07] (LogicNow Ltd)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ComproHID; C:\WINDOWS\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2017-02-10] (GFI Software)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1558528 2013-03-26] (Creative Technology Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-16 14:52 - 2017-02-16 15:02 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2017-02-16 14:52 - 2017-02-16 14:52 - 00000000 ____D C:\Program Files\Advanced Monitoring Agent Network Management
2017-02-16 14:47 - 2017-02-16 14:47 - 00000000 ____D C:\Users\Ron\AppData\Local\TeamViewer
2017-02-16 14:44 - 2017-02-16 15:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-16 14:44 - 2017-02-16 14:44 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-16 14:44 - 2017-02-16 14:44 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-16 14:40 - 2017-02-16 14:40 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 14:36 - 2017-02-16 14:48 - 00000000 ____D C:\Users\Ron\AppData\Roaming\TeamViewer
2017-02-16 14:34 - 2017-02-16 14:34 - 00000000 ____D C:\Teamviewer
2017-02-16 14:24 - 2017-02-16 14:24 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Managed Antivirus
2017-02-16 14:24 - 2017-02-16 14:24 - 00000000 ____D C:\ProgramData\Managed Antivirus
2017-02-16 13:58 - 2017-02-16 14:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-16 13:57 - 2017-02-16 14:12 - 00341430 _____ C:\WINDOWS\ntbtlog.txt
2017-02-15 14:48 - 2017-02-15 14:48 - 02376109 _____ C:\Users\Ron\Downloads\TeamViewer12-Manual-Remote-Control-en.pdf
2017-02-15 14:45 - 2016-03-04 11:26 - 00032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-02-15 14:45 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-02-15 14:25 - 2017-02-15 14:25 - 00062301 _____ C:\Users\Ron\Desktop\Addition.txt
2017-02-15 14:24 - 2017-02-16 15:40 - 00032771 _____ C:\Users\Ron\Desktop\FRST.txt
2017-02-15 12:19 - 2017-02-16 14:15 - 00023782 _____ C:\Users\Ron\Desktop\Fixlog.txt
2017-02-15 12:19 - 2017-02-16 14:13 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion
2017-02-15 11:36 - 2017-02-15 11:36 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-15 11:26 - 2017-02-15 11:36 - 07097928 _____ (VS Revo Group ) C:\Users\Ron\Desktop\revosetup.exe
2017-02-13 15:39 - 2017-02-16 15:40 - 00000000 ____D C:\FRST
2017-02-13 12:35 - 2017-02-13 12:35 - 00480194 _____ C:\Users\Ron\Documents\Emailing_ Ron Green_jpg.eml
2017-02-13 12:00 - 2017-02-16 14:13 - 02422272 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2017-02-09 17:05 - 2017-02-09 17:06 - 04188767 _____ C:\Users\Ron\Downloads\yeeveo.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04188767 _____ C:\Users\Ron\Downloads\aya6ds.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04151468 _____ C:\Users\Ron\Downloads\9spmmi.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04130886 _____ C:\Users\Ron\Downloads\s9q2ta.webm
2017-02-09 16:37 - 2017-02-15 16:14 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2017-02-09 15:52 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 15:51 - 2017-02-09 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 15:51 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 15:51 - 2016-12-29 12:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 15:51 - 2016-12-29 12:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 15:51 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 15:50 - 2017-02-09 15:52 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-02 15:29 - 2017-02-02 15:29 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-02 15:29 - 2017-02-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-02 15:28 - 2017-02-02 15:29 - 00000000 ____D C:\Program Files\iTunes
2017-02-02 15:28 - 2017-02-02 15:28 - 00000000 ____D C:\Program Files\iPod
2017-02-02 15:23 - 2017-02-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-30 15:44 - 2016-12-21 09:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-30 15:44 - 2016-12-21 09:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-30 15:44 - 2016-12-21 08:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-30 15:44 - 2016-12-21 07:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-30 15:44 - 2016-12-21 06:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-30 15:44 - 2016-12-21 05:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 05:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-30 15:44 - 2016-12-21 05:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 04:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-30 15:44 - 2016-10-25 06:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-17 12:19 - 2017-01-17 12:19 - 00537031 _____ C:\Users\Ron\Documents\IMG_20170117_0002.pdf
2017-01-17 11:56 - 2017-01-17 11:56 - 00542831 _____ C:\Users\Ron\Documents\IMG_20170117_0001.pdf
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 9000F Mark II
2017-01-17 11:53 - 2017-01-17 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan 9000F Mark II Manual
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-16 15:22 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-16 14:55 - 2013-09-21 08:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-16 14:52 - 2016-01-29 11:02 - 00000000 ____D C:\Users\Ron\Documents\Outlook Files
2017-02-16 14:40 - 2016-03-22 15:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-16 14:40 - 2016-01-29 12:04 - 00000000 ___RD C:\Users\Ron\iCloudDrive
2017-02-16 14:40 - 2016-01-28 15:11 - 00000000 ___RD C:\Users\Ron\OneDrive
2017-02-16 14:39 - 2016-02-04 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-16 14:39 - 2016-02-04 23:38 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2017-02-16 14:39 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-16 14:39 - 2016-02-04 23:18 - 04916808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 14:38 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-16 14:27 - 2016-12-06 14:08 - 00000000 ____D C:\WINDOWS\Patches
2017-02-16 14:14 - 2013-11-18 15:00 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Temp
2017-02-16 13:54 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 13:54 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 13:49 - 2014-07-16 23:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B609F37-7F1E-472C-A515-E682AE2180A1}
2017-02-15 16:22 - 2016-12-06 10:19 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Adblock Plus for IE
2017-02-15 12:11 - 2014-07-21 03:40 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Sunbelt
2017-02-15 12:09 - 2014-10-15 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-15 12:00 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-15 11:57 - 2012-09-12 21:17 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Adobe
2017-02-15 11:55 - 2012-09-12 20:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-15 11:55 - 2012-09-12 13:58 - 00000000 ____D C:\ProgramData\Adobe
2017-02-15 11:20 - 2014-06-25 13:09 - 00000000 ____D C:\Users\Ron\AppData\Local\Adobe
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-13 15:41 - 2016-02-04 23:26 - 01026508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 15:41 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 15:29 - 2016-05-26 14:45 - 00000000 ____D C:\Users\Ron\AppData\Roaming\.oit
2017-02-13 15:28 - 2016-05-26 14:44 - 00000000 ____D C:\ProgramData\Nuance
2017-02-13 15:27 - 2012-11-08 00:50 - 00000000 ____D C:\ProgramData\Temp
2017-02-10 16:38 - 2016-12-06 10:34 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2017-02-09 16:35 - 2013-05-23 10:49 - 00000000 ____D C:\Users\Ron\Documents\ALL SERIAL NUMBERS
2017-02-09 15:52 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 15:52 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 15:52 - 2012-09-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 15:51 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 14:44 - 2016-02-04 23:26 - 00000000 ____D C:\Users\UpdatusUser
2017-02-09 14:34 - 2016-02-07 12:17 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-09 14:34 - 2012-09-12 20:13 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 16:34 - 2016-02-04 23:26 - 00000000 ____D C:\Users\Ron
2017-02-07 12:29 - 2016-02-05 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 12:24 - 2013-08-31 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-02-07 11:49 - 2016-12-06 14:04 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 11:49 - 2016-02-04 23:52 - 00002394 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-05 17:38 - 2012-12-19 13:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-02 16:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-02 15:28 - 2016-01-29 11:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-01 15:56 - 2013-11-02 14:49 - 00000000 ____D C:\SoloApp
2017-01-31 03:32 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-30 15:51 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 15:51 - 2013-08-17 08:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-30 15:48 - 2012-09-12 18:39 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-30 15:18 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-22 19:09 - 2015-06-12 20:59 - 00250728 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2017-01-22 19:09 - 2012-11-12 14:32 - 00504456 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2017-01-20 14:44 - 2015-11-09 15:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 11:57 - 2016-07-10 15:59 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2017-01-17 11:55 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2017-01-17 11:55 - 2015-10-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-01-17 11:55 - 2012-12-19 13:20 - 00000000 ____D C:\Program Files (x86)\Canon
2017-01-17 11:53 - 2016-03-17 10:00 - 00002451 _____ C:\Users\Public\Desktop\Canon CanoScan 9000F II On-screen Manual.lnk
2017-01-17 11:10 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 11:08 - 2012-09-12 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 11:03 - 2015-02-03 16:09 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-01-01 18:29 - 2014-10-17 12:38 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-09-18 13:47 - 2012-09-18 13:49 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-09-18 15:01 - 2016-06-16 14:49 - 0002268 _____ () C:\Users\Ron\AppData\Roaming\MTScdAgt.dat
2013-07-28 16:21 - 2014-05-30 22:13 - 0000138 _____ () C:\Users\Ron\AppData\Roaming\WB.CFG
2013-06-17 14:21 - 2013-11-02 14:38 - 0000006 _____ () C:\Users\Ron\AppData\Roaming\WBPU-TTL.DAT
2013-07-24 13:38 - 2013-07-24 13:38 - 145394418 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload
2013-07-24 13:38 - 2013-07-24 13:38 - 0001811 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload.aamd
2014-05-01 11:53 - 2014-05-01 11:53 - 169928142 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-05-01 11:53 - 2014-05-01 11:53 - 0002071 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2013-01-02 22:37 - 2014-10-17 11:19 - 0010752 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-12 13:57 - 2012-09-12 13:57 - 0000091 _____ () C:\Users\Ron\AppData\Local\fusioncache.dat
2014-09-17 16:19 - 2009-11-17 07:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2014-09-17 16:19 - 2013-03-26 04:54 - 0002844 _____ () C:\ProgramData\CfSB1240A.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 12:39
 
==================== End of FRST.txt ============================


#21 satchfan


Posted 16 February 2017 - 05:55 PM

Sorry not to have got back sooner but I've been a bit busier than usual today.

 

I'll check the logs as soon as I can and get back to you.




#22 TimB48


Posted 17 February 2017 - 04:48 AM

OK. Thanks.



#23 satchfan


Posted 17 February 2017 - 05:13 AM

There are a lot of entries that still need to be dealt with but first these programs are still installed and need to be removed:

Advanced Monitoring Agent Network Management
Amazon 1Button App
Ask Toolbar Updater
GFI LanGuard 11 Agent
Managed Antivirus
PDF Writer Packages


Before trying to uninstall them, a couple of them are ‘hidden’ and so we’ll have to ‘unhide’ them.

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
GFI LanGuard 11 Agent (x32 Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

When you’ve done that, please use RevoUninstaller to remove these programs, (in safe mode if necessary):

Advanced Monitoring Agent Network Management
Amazon 1Button App
Ask Toolbar Updater
GFI LanGuard 11 Agent
Managed Antivirus
PDF Writer Packages


Then please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ again before you hit ‘Scan’.

Please post both new logs and let me know if you had any problems uninstalling the programs.

Thanks

Satchfan

 




#24 TimB48


Posted 17 February 2017 - 09:27 AM

Result for FRST.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Ron (17-02-2017 14:05:06) Run:3
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron & UpdatusUser (Available Profiles: Ron & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
GFI LanGuard 11 Agent (x32 Version: 11.4.2015.0130 - GFI Software Ltd) Hidden
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
EmptyTemp:
*****************
 
Processes closed successfully.
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.) => Error: No automatic fix found for this entry.
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION => Error: No automatic fix found for this entry.
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0707C59-4B32-48B8-94ED-73BB68E1C569}\\SystemComponent => value removed successfully
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}\\SystemComponent => value removed successfully
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 294197 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9552374 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 340788 B
Edge => 36722829 B
Chrome => 17474960 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7862 B
NetworkService => 5498 B
Ron => 16195780 B
UpdatusUser => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 22484290 B
EmptyTemp: => 98.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:05:10 ====
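
Reading the Fixlog in the post above, as an added example (not part of the thread and not FRST's own code): this Python parser takes the result lines copied from that log and separates the entries FRST reported no automatic fix for, which still need a manual uninstall, from the Uninstall keys whose SystemComponent value was removed. The function, class and field names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Result lines copied verbatim from the Fixlog.txt in the post above.
FIXLOG = r"""
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 28.0.0.883 - LogicNow, Ltd.) => Error: No automatic fix found for this entry.
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION => Error: No automatic fix found for this entry.
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0707C59-4B32-48B8-94ED-73BB68E1C569}\\SystemComponent => value removed successfully
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}\\SystemComponent => value removed successfully
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"""

NO_FIX = "Error: No automatic fix found for this entry."
VALUE_REMOVED = "value removed successfully"
ATTENTION = "<==== ATTENTION"


@dataclass
class FixResult:
    target: str                    # fixlist entry or registry value FRST acted on
    outcome: str                   # "no_fix", "unhidden", "value_removed" or "other"
    program: Optional[str] = None  # display name, for installed-program lines
    key: Optional[str] = None      # registry key, for value removals
    value: Optional[str] = None    # registry value name, for value removals
    attention: bool = False        # entry carried FRST's ATTENTION marker


def parse_line(line: str) -> Optional[FixResult]:
    """Parse one '<target> => <result>' line; return None for other lines."""
    target, sep, result = line.strip().rpartition(" => ")
    if not sep:
        return None
    attention = ATTENTION in target
    target = target.replace(ATTENTION, "").strip()

    if result == NO_FIX:
        # Installed-program lines start with the display name, then "(HK...".
        m = re.match(r"(.+?) \(HK", target)
        name = m.group(1) if m else target
        return FixResult(target, "no_fix", program=name, attention=attention)

    if result == VALUE_REMOVED:
        # FRST writes a registry value as key\\ValueName (two backslashes).
        key, _, value = target.rpartition("\\\\")
        # SystemComponent = 1 under an Uninstall key keeps a program out of
        # the Windows installed-programs list; removing it unhides the entry.
        unhidden = value == "SystemComponent" and "\\Uninstall\\" in key
        outcome = "unhidden" if unhidden else "value_removed"
        return FixResult(target, outcome, key=key, value=value,
                         attention=attention)

    return FixResult(target, "other", attention=attention)


def summarise(text: str) -> Dict[str, List[str]]:
    """Group the parsed results into the follow-up actions they imply."""
    results = [r for r in map(parse_line, text.splitlines()) if r]
    no_fix = [r for r in results if r.outcome == "no_fix"]
    return {
        # FRST changed nothing for these; they need a manual uninstall.
        "manual_uninstall": [r.program for r in no_fix],
        # Subset of the above that FRST had marked for attention.
        "flagged": [r.program for r in no_fix if r.attention],
        # Uninstall subkeys that are now visible to an uninstaller.
        "unhidden": [r.key.rsplit("\\", 1)[-1]
                     for r in results if r.outcome == "unhidden"],
    }


if __name__ == "__main__":
    for group, items in summarise(FIXLOG).items():
        print(group)
        for item in items:
            print("   ", item)
```
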


#25 TimB48


Posted 17 February 2017 - 12:10 PM

More results. Limited success with the removals. Revo could not find Ask Toolbar or PDF Writer. Amazon 1Button, GFI LanGuard and Managed Antivirus said the Windows installer could not be found, so I just used Revo to remove the registry entries and any other leftover items.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Ron (administrator) on RONSNO2 (17-02-2017 17:03:34)
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron & UpdatusUser (Available Profiles: Ron & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Nuance Communications, Inc.) C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\WINDOWS\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
Failed to access process -> iCloudDrive.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40521.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-11-08] (Bitleader)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1348176 2012-09-17] (ABBYY)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Users\Ron\PaperPort\pptd40nt.exe [36168 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Users\Ron\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Users\Ron\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Users\Ron\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Users\Ron\PDFCreate\pdfcreate7hook.exe [605512 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Users\Ron\PDFCreate\RegistryController.exe [140616 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Scheduling Agent] => C:\Program Files (x86)\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe [1730086 2007-04-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk [2016-12-05]
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 212.159.6.10 212.159.6.9
Tcpip\..\Interfaces\{b13c0eed-3d81-4b48-9724-2530b5c23389}: [DhcpNameServer] 212.159.6.10 212.159.6.9
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zen.co.uk/
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Users\Ron\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Users\Ron\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2022913626-2766758768-741264458-1000 -> hxxp://www.google.co.uk/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Users\Ron\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-27]
CHR Extension: (AdBlock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2022913626-2766758768-741264458-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-12-22] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759072 2008-10-27] (ABBYY (BIT Software))
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-17] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Users\Ron\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S2 gfi_lanss11_attservice; "C:\PROGRA~2\ADVANC~1\patchman\11\lnssatt.exe" -service [X]
S2 SBAMSvc; C:\PROGRA~2\ADVANC~1\managedav\SBAMSvc.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ComproHID; C:\WINDOWS\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2017-02-10] (GFI Software)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1558528 2013-03-26] (Creative Technology Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 17:02 - 2017-02-17 17:02 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 14:47 - 2017-02-16 14:47 - 00000000 ____D C:\Users\Ron\AppData\Local\TeamViewer
2017-02-16 14:44 - 2017-02-16 15:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-16 14:44 - 2017-02-16 14:44 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-16 14:44 - 2017-02-16 14:44 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-02-16 14:36 - 2017-02-16 14:48 - 00000000 ____D C:\Users\Ron\AppData\Roaming\TeamViewer
2017-02-16 14:34 - 2017-02-16 14:34 - 00000000 ____D C:\Teamviewer
2017-02-16 13:58 - 2017-02-17 16:47 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-16 13:57 - 2017-02-17 16:55 - 00517906 _____ C:\WINDOWS\ntbtlog.txt
2017-02-15 14:48 - 2017-02-15 14:48 - 02376109 _____ C:\Users\Ron\Downloads\TeamViewer12-Manual-Remote-Control-en.pdf
2017-02-15 14:45 - 2016-03-04 11:26 - 00032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-02-15 14:45 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-02-15 14:25 - 2017-02-16 15:42 - 00062001 _____ C:\Users\Ron\Desktop\Addition.txt
2017-02-15 14:24 - 2017-02-17 17:03 - 00032538 _____ C:\Users\Ron\Desktop\FRST.txt
2017-02-15 12:19 - 2017-02-17 14:05 - 00003186 _____ C:\Users\Ron\Desktop\Fixlog.txt
2017-02-15 12:19 - 2017-02-16 14:13 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion
2017-02-15 11:36 - 2017-02-15 11:36 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-15 11:36 - 2017-02-15 11:36 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-15 11:26 - 2017-02-15 11:36 - 07097928 _____ (VS Revo Group ) C:\Users\Ron\Desktop\revosetup.exe
2017-02-13 15:39 - 2017-02-17 17:03 - 00000000 ____D C:\FRST
2017-02-13 12:35 - 2017-02-13 12:35 - 00480194 _____ C:\Users\Ron\Documents\Emailing_ Ron Green_jpg.eml
2017-02-13 12:00 - 2017-02-16 14:13 - 02422272 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2017-02-09 17:05 - 2017-02-09 17:06 - 04188767 _____ C:\Users\Ron\Downloads\yeeveo.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04188767 _____ C:\Users\Ron\Downloads\aya6ds.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04151468 _____ C:\Users\Ron\Downloads\9spmmi.webm
2017-02-09 17:05 - 2017-02-09 17:05 - 04130886 _____ C:\Users\Ron\Downloads\s9q2ta.webm
2017-02-09 16:37 - 2017-02-17 17:03 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2017-02-09 15:52 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 15:51 - 2017-02-09 15:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 15:51 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 15:51 - 2016-12-29 12:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 15:51 - 2016-12-29 12:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 15:51 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 15:51 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 15:50 - 2017-02-09 15:52 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-02 15:29 - 2017-02-02 15:29 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-02 15:29 - 2017-02-02 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-02 15:28 - 2017-02-02 15:29 - 00000000 ____D C:\Program Files\iTunes
2017-02-02 15:28 - 2017-02-02 15:28 - 00000000 ____D C:\Program Files\iPod
2017-02-02 15:23 - 2017-02-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-30 15:44 - 2016-12-21 09:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-30 15:44 - 2016-12-21 09:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-30 15:44 - 2016-12-21 08:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-30 15:44 - 2016-12-21 07:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-30 15:44 - 2016-12-21 06:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-30 15:44 - 2016-12-21 05:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 05:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-30 15:44 - 2016-12-21 05:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-30 15:44 - 2016-12-21 05:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-30 15:44 - 2016-12-21 04:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-30 15:44 - 2016-10-25 06:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 17:02 - 2016-01-29 12:04 - 00000000 ___RD C:\Users\Ron\iCloudDrive
2017-02-17 17:02 - 2016-01-28 15:11 - 00000000 ___RD C:\Users\Ron\OneDrive
2017-02-17 17:01 - 2016-03-22 15:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-17 17:00 - 2016-02-04 23:38 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2017-02-17 16:59 - 2016-02-04 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 16:59 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-17 16:59 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-17 16:54 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-17 16:52 - 2016-12-06 10:34 - 00000000 ____D C:\ProgramData\GFI
2017-02-17 14:28 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-17 14:27 - 2016-12-06 14:08 - 00000000 ____D C:\WINDOWS\Patches
2017-02-17 14:23 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 14:19 - 2016-12-05 16:09 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-02-17 14:18 - 2016-05-26 14:45 - 00000000 ____D C:\Users\Ron\AppData\Roaming\.oit
2017-02-17 14:17 - 2012-11-08 00:50 - 00000000 ____D C:\ProgramData\Temp
2017-02-17 14:15 - 2016-02-04 23:18 - 04916832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 13:55 - 2013-09-21 08:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-17 13:46 - 2014-07-16 23:23 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B609F37-7F1E-472C-A515-E682AE2180A1}
2017-02-16 14:52 - 2016-01-29 11:02 - 00000000 ____D C:\Users\Ron\Documents\Outlook Files
2017-02-16 14:14 - 2013-11-18 15:00 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Temp
2017-02-15 16:22 - 2016-12-06 10:19 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Adblock Plus for IE
2017-02-15 12:11 - 2014-07-21 03:40 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Sunbelt
2017-02-15 12:09 - 2014-10-15 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-15 12:00 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-15 11:57 - 2012-09-12 21:17 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Adobe
2017-02-15 11:55 - 2012-09-12 20:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-15 11:55 - 2012-09-12 13:58 - 00000000 ____D C:\ProgramData\Adobe
2017-02-15 11:20 - 2014-06-25 13:09 - 00000000 ____D C:\Users\Ron\AppData\Local\Adobe
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 12:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-13 15:41 - 2016-02-04 23:26 - 01026508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 15:41 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 15:28 - 2016-05-26 14:44 - 00000000 ____D C:\ProgramData\Nuance
2017-02-10 16:38 - 2016-12-06 10:34 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2017-02-09 16:35 - 2013-05-23 10:49 - 00000000 ____D C:\Users\Ron\Documents\ALL SERIAL NUMBERS
2017-02-09 15:52 - 2016-02-04 23:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 15:52 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 15:52 - 2012-09-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 15:51 - 2016-02-04 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 14:44 - 2016-02-04 23:26 - 00000000 ____D C:\Users\UpdatusUser
2017-02-09 14:34 - 2016-02-07 12:17 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-09 14:34 - 2012-09-12 20:13 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 16:34 - 2016-02-04 23:26 - 00000000 ____D C:\Users\Ron
2017-02-07 12:29 - 2016-02-05 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 12:24 - 2013-08-31 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-02-07 11:49 - 2016-12-06 14:04 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-07 11:49 - 2016-02-04 23:52 - 00002394 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-05 17:38 - 2012-12-19 13:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-02 16:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-02 15:28 - 2016-01-29 11:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-01 15:56 - 2013-11-02 14:49 - 00000000 ____D C:\SoloApp
2017-01-31 03:32 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-30 15:51 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 15:51 - 2013-08-17 08:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-30 15:48 - 2012-09-12 18:39 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-30 15:18 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-22 19:09 - 2015-06-12 20:59 - 00250728 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2017-01-22 19:09 - 2012-11-12 14:32 - 00504456 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2017-01-20 14:44 - 2015-11-09 15:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2013-01-01 18:29 - 2014-10-17 12:38 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-09-18 13:47 - 2012-09-18 13:49 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-09-18 15:01 - 2016-06-16 14:49 - 0002268 _____ () C:\Users\Ron\AppData\Roaming\MTScdAgt.dat
2013-07-28 16:21 - 2014-05-30 22:13 - 0000138 _____ () C:\Users\Ron\AppData\Roaming\WB.CFG
2013-06-17 14:21 - 2013-11-02 14:38 - 0000006 _____ () C:\Users\Ron\AppData\Roaming\WBPU-TTL.DAT
2013-07-24 13:38 - 2013-07-24 13:38 - 145394418 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload
2013-07-24 13:38 - 2013-07-24 13:38 - 0001811 _____ () C:\Users\Ron\AppData\Local\ACCCx189.zip.aamdownload.aamd
2014-05-01 11:53 - 2014-05-01 11:53 - 169928142 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-05-01 11:53 - 2014-05-01 11:53 - 0002071 _____ () C:\Users\Ron\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2013-01-02 22:37 - 2014-10-17 11:19 - 0010752 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-12 13:57 - 2012-09-12 13:57 - 0000091 _____ () C:\Users\Ron\AppData\Local\fusioncache.dat
2014-09-17 16:19 - 2009-11-17 07:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2014-09-17 16:19 - 2013-03-26 04:54 - 0002844 _____ () C:\ProgramData\CfSB1240A.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 12:39
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Ron (17-02-2017 17:05:21)
Running from C:\Users\Ron\Desktop
Windows 10 Pro Version 1511 (X64) (2016-02-04 23:46:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2022913626-2766758768-741264458-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2022913626-2766758768-741264458-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2022913626-2766758768-741264458-503 - Limited - Disabled)
Guest (S-1-5-21-2022913626-2766758768-741264458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2022913626-2766758768-741264458-1005 - Limited - Enabled)
Ron (S-1-5-21-2022913626-2766758768-741264458-1000 - Administrator - Enabled) => C:\Users\Ron
UpdatusUser (S-1-5-21-2022913626-2766758768-741264458-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.159.70013 - ABBYY)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.136 - ABBYY)
ABBYY FineReader 9.0 Professional Edition (HKLM-x32\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.162.55015 - ABBYY)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan 9000F II On-screen Manual (HKLM-x32\...\Canon CanoScan 9000F II On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon iP3500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series) (Version:  - )
Canon iP3500 series User Registration (HKLM-x32\...\Canon iP3500 series User Registration) (Version:  - )
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version:  - Canon Inc.)
Canon iP8700 series On-screen Manual (HKLM-x32\...\Canon iP8700 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon iP8700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP8700_series) (Version:  - Canon Inc.)
Canon iP8700 series User Registration (HKLM-x32\...\Canon iP8700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CanoScan 9000F Mark II Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9604) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Creative Audio Pack (HKLM-x32\...\Creative Audio Pack) (Version:  - )
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Nmap 5.51 (HKLM-x32\...\Nmap) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Writer Packages (HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Package Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1804.81 - Trusteer) Hidden
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Scansoft PDF Create (x32 Version:  - ) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.02.12110 - Sony Corporation)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Suite (x32 Version: 1.00.0000 - CyberLink Corp.) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer)
Ulead Straight-to-Disc SDK (HKLM-x32\...\{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}) (Version: 3.5 - )
Ultimate Reference Suite (HKLM-x32\...\Ultimate Reference Suite) (Version: 2012.0.0.0 - Encyclopaedia Britannica, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Sound Blaster HD (HKLM-x32\...\{3BE06146-8ADC-47D7-9AD5-E5CABF1FF90C}) (Version: 1.0 - Creative Technology Limited)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Migration Assistant (HKLM-x32\...\{D8BC400A-9D14-468B-A674-1D76A987AAFC}) (Version: 1.0.1.3 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2022913626-2766758768-741264458-1000_Classes\CLSID\{03E88EFD-E7E0-AD3D-5094-B211A02E169B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02FB6C75-1ECD-4A75-8FEF-A1FA71D55AFB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {043B149E-2A68-47E3-919C-AFAD2EF791CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {0AB2B1E4-7D97-4003-A448-DC7197A2C35A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {1A9449A9-D24E-438B-90B5-79ACD39D29F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {217A115F-E56D-46D8-BA93-8679C3D6CF07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {279D2E50-AF6F-42CF-B7FB-360CB2506F66} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {28A26D1F-D868-43DC-B393-CEB8346B1BCE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe 
Task: {2A40B456-4777-40CE-A6C2-990938ACB33B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {2F94F563-8B0B-4070-88EF-AD16CD97AF0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {309E63AB-C428-4A92-AC23-F38649ECE53F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {30CA5E66-7ED2-4D1A-B71C-EAD2E38B2464} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {36E4D18E-6813-4C63-A3B3-13D28880003A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3F244821-98B6-431D-A5BE-6A031CD40497} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {41E14234-D002-4E8D-903A-FF13B8D97C08} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {44F80265-1D24-4C3D-89BC-8DDC8FD31D15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45E60FA5-1B9B-45C5-8CC1-FA8218D23BFA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4BA09583-FC4F-422F-B0F9-F3AC6F3100CC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5F2DE7E8-3752-4ED4-8846-6A0EEA8BB52A} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {60522D17-AA4B-44E8-BC98-4D17A83D6DBF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {683027FD-8A7D-4F41-918F-F3C9A7539899} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6E4E1EE2-9027-4E29-80F9-3BDFA4EF4BCB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8517BF08-06D4-4856-A042-1FDD216FB991} - System32\Tasks\{295FE63D-83AF-4F70-8684-11975BFC9EF5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -c UNINSTALL /l0x0009
Task: {8EE0E165-8049-4FD9-9E71-39165C0F9AFE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8FF20BAB-A60A-41AA-BFDA-F468D198F595} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A21D9072-8368-4339-86A7-86A2142B0C0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {AA166754-F86D-428F-BD49-E23F48464692} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {AABF8971-34A8-45A3-B754-B2C9351D2909} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B1569056-1190-46A5-9057-D6C89DBA2637} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B9128E5D-B944-4C22-AED7-F6AC19E9C4B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {BB8DB4CD-E36F-4E4C-9663-EC535DF3E631} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {BBB6D74F-92D3-4805-9468-4047270E0DF8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {C0F585CF-EBE1-496C-848F-4C6E693E9027} - System32\Tasks\QtraxPlayer => "C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 3859010362.portal.qtrax.com
Task: {C2FC4D06-DC03-453B-AB7C-D5869E1700EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C57FA6E8-C4CB-4B8C-AE60-21E71A967AE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {CA953812-973D-4EC6-93B3-5F672B2D01E8} - System32\Tasks\{F8BC2B27-B5EA-44FE-93B2-628451DA0C04} => C:\Program Files (x86)\Pinnacle\MediaCenter\PMC.exe 
Task: {CEF995FE-8FC9-49F5-96DC-5771690B01A4} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe 
Task: {D24E6C8C-5C9C-4EA7-A35B-2BBD8DF0447C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D765A4E2-F5E6-4B85-AD16-2011129C57DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {D9355858-8F97-4636-AE75-AAF71B5791F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {E92F428F-97F6-4BA4-BE04-417D489A1B5C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EEE01588-3C26-4ABA-9E62-AC37F7A5DDC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {F1D70436-CEB0-4AE3-8098-EF92E1803F85} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {FB548BEB-31F6-487F-8D85-C71FD24EF4CD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FD5BA760-0CB7-47E9-BC8C-E3FC3F12FFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FDC8FB0F-67D6-4F9A-AD7D-983FE26DE3BB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-04 23:23 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-29 10:21 - 2011-10-04 21:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-19 13:26 - 2012-03-28 12:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-11-08 01:16 - 2009-07-02 14:02 - 00244904 ____R () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-10 15:12 - 2016-10-25 09:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 16:09 - 2016-12-28 17:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-05 07:12 - 2016-02-05 07:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 16:08 - 2016-07-01 03:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-10 15:12 - 2016-10-25 04:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 15:12 - 2016-10-25 04:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 15:12 - 2016-10-25 04:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 15:12 - 2016-10-25 04:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-17 16:20 - 2013-01-25 10:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-09-17 16:20 - 2013-01-25 10:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-12-06 11:13 - 2015-08-03 09:39 - 00292352 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
2015-10-30 07:18 - 2015-10-30 07:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2017-02-09 14:20 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-09 14:20 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-25 13:46 - 2017-01-25 13:47 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-11-10 15:12 - 2016-10-25 09:32 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-07-13 16:08 - 2016-07-01 04:44 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-01-26 15:24 - 2017-01-26 15:24 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-01-26 15:24 - 2017-01-26 15:24 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:56 - 2016-04-19 10:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2017-02-16 14:14 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 212.159.6.10 - 212.159.6.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM\...\StartupApproved\Run: => "VX6000"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "UCam_Menu"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SBAMTray"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\StartupFolder: => "Picture Motion Browser Media Check Tool.lnk"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\StartupApproved\Run: => "Sidebar"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9BD4909F-24D9-4C8E-8D22-9CCF47595340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20FC35BC-CAF1-47DF-B25C-098A700FF953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC9B8AE2-E726-4843-AE9E-FE7060017AC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B65B012-B361-4BFC-A2C9-3E3581CDB033}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D247807-FABE-45E3-B563-0C2AE2A74055}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3EC7B904-ED40-49A7-8E39-8B313BD4D838}] => (Allow) C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{BE416981-0CE4-4043-8D48-4662C16092E0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D8D583C3-8A15-41FA-B9A7-1A8973DCADBB}] => (Allow) LPort=1900
FirewallRules: [{175A0502-FADE-4AF1-9053-74E1FB89C6D2}] => (Allow) LPort=2869
FirewallRules: [{EB5693F4-0BD1-44E6-AB0A-D634FF951CC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F957BB7E-3E06-482A-BACF-AE9575168B41}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{B94205CF-B696-4156-BD0A-903DB79FF234}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{2892FF94-4615-4433-8CC2-C0A392113E11}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{4443AD46-DCB2-492F-B420-A036629E07A6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{3B3B7B83-20C9-4AA8-82C3-ABA6A9EB308A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FA26414-EAB2-4325-875E-9FBF58055B82}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{D8BBB845-CC30-4B49-B97A-AA2634D15BC0}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B7AA72A0-ED38-42EE-8956-A6EB3779FB30}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F5BB2328-8F45-4F39-9166-6B4EEF34BF6D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{BC4553C3-41F0-4FA9-9ACE-FEA7E09F0D73}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{79D97064-E7AB-4A3C-8D68-AFE2A34C5231}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0C411C81-A177-42B7-94FE-32EB8D8E1286}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{02E33348-AD4F-44F0-B75C-D79C26C84F2D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{315CBF37-EC0E-4BF8-B6A6-9C3A02AC177D}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{8FE99C76-8EE9-4FF1-85E4-4282374CCD54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{610F2580-9C4D-40A2-ABBF-2EAEF78F25FA}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{69F8F007-AC78-4C1F-853A-C9C852C69491}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{A0529077-12AC-477A-8C21-E7C92EDAAB22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5C530356-5B37-48E3-8636-6E109C0F337D}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{E324B950-A95E-4EDA-9226-2F817F536269}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDB9ACE5-9DD5-40D8-AA48-3A88C879DAB3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F0486B44-8228-4382-9C3D-B880221191E7}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{92F49293-F980-402A-B044-64EEC7DE5BB6}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DB58C52C-0DDB-4D69-B120-42AB1D1BDED4}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{DC6DBC9A-59E4-4639-87EF-E1760896CB4F}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6FD1A278-6190-48A1-94B7-D7B77B168A40}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{6384B0EB-9D50-47E0-A999-7B0B542705B9}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{725DBE58-1498-41CA-8A07-85EEAE37A333}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{89B07B68-8936-44B4-AD55-7658A71FC386}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{5EDFC566-8163-4FC0-BA23-A83DDE7B43DE}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4AD9BFF6-25C1-4D46-AE17-9C1E58352EFE}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2D5C5976-C29E-4E44-973C-539F75C64929}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{ED15F2BC-ADDD-414F-8C18-7634BBC5E740}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{5F6DDE4C-0003-4262-A6BB-1478B1B13BDE}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{ABD0193D-E97B-4040-A89E-7F570F9F36B5}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{870A4AE2-43BD-4AD2-B578-F0AF541189C8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{875AD864-2061-443D-801E-5C05C501B47A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{415F67D1-3A06-4A49-8C47-E14CEB86E684}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{83ECD8B1-92E3-4A44-8907-726AE755F3D3}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{A910B961-DCAD-4309-B75D-BA2E99CD8680}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{BD1E2314-6988-43AE-A436-978B0ED9260E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{144A064E-F596-4F8B-BF78-552B5CABC596}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3F9CC656-7B5D-44C2-B0CC-E2F578692ABA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E94D564-AF2F-43BB-B18F-4368918964E8}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0A4B9F03-AFB0-4634-B3C3-0927371A9279}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{10D1E358-3505-47BD-81F3-28ABA17C934E}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{1D74395D-C7E4-4344-97DF-09713A368389}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{9BF3AA74-29E7-46B7-A07C-5884C0795A22}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{FAF947DA-FA60-4677-B8A4-2C6FABC52134}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{03F1D274-A2F7-4A9D-8D51-7488DAE1969A}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{15B2C5FD-0684-45D3-9F15-3B5A8256AE84}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{5AFB9D2E-8463-487F-B42C-A42C4897E8A2}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{AC3D92E9-5DC2-4205-93C6-BB0FC16940DB}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{7F0E26E7-7E70-4656-91BC-B58DC1DCDA72}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{98B80692-5113-416D-949F-F3F672618A54}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2F23CCC6-752C-4D8E-8C8F-D2804F28B588}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{E5A7EC4C-975A-4A54-BE8C-EAAFFB0C63E1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{102EFEA1-9DE0-4911-ACDE-376A4FD41B9B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{44F5D863-4B63-47EB-9DED-591D2E348B1C}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{F95A99BE-CAB1-47D8-B757-B43001D63E99}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{FDA876D0-30EB-4075-A24B-F774BB812EA1}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{24C7AEA6-1C8B-4FC9-8FFD-257AD1C3CECD}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{AB9CCF25-41B8-4519-897B-3BD190DB7603}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{4919359F-D487-457A-9901-29D1F63F816C}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BB1FF51-D853-4C79-B0A5-20806C76314C}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3DADD89B-6589-42DD-B649-956B88391A22}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{22444B0E-C248-45B7-8FB0-019851D9939F}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{DF7BD435-F792-4208-A8EE-254E1A765E12}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{09F0AFA2-3E5C-4391-98A7-C6C6FA47C24C}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{0D12E8F6-92E0-4198-B0AB-D1721ABE1DFF}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{47FC12F9-61FC-4D80-B12F-136199693BE2}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{89746B22-BDB3-4716-B345-1BE13057FFDF}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{02A7D1B8-2F35-4B3E-AE04-9D6C03F8D815}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{53F51C3D-44D1-45E2-A845-A1720849657E}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{84061E6A-2384-4528-89B6-FF3782E5E772}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{6E6A6B21-ABE7-4224-8557-DBC1474D4C70}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{2FE591A5-7CB1-49F7-9579-2824332C5348}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{22A3C879-BC59-4666-83F1-7808C96F9EF8}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F8289EC6-A62B-4ADE-9F72-9B9998B9935B}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{F4F1EEC7-921D-49DF-881E-D03884682403}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{B0C89A03-1A45-4A7C-B74B-FCDD30F93AC1}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{FD9CA79E-5264-47CD-917D-F3404ECB250D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{3B1481AE-0E70-422E-AA5F-2ED063537FCD}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{908264EC-87F2-4B77-8925-D7EB27CFBBCA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{030B5439-52B9-4524-9D51-EB651CAEECE3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{445DF67C-6E08-4A14-A2AF-4FC3C7A0450B}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{4B4CFEC6-6EEA-4FE0-BB8B-B15C2D8A0195}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{C481DE85-FE7A-4F5A-B4E9-14EB0E446310}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{531917A9-C251-4254-B7EF-FEE7EEFD6B91}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{37B784AF-CE46-4936-B498-4537434FC148}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{BB4846C5-8ED8-4CD5-BD80-6A255E014046}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D469F8A-4AB0-42BD-879B-E75C129E23D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5F003D9-946A-4C3A-AC26-37E5B24EB9A0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7978713E-1E2A-4819-A564-6CBEFECA2728}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E85D831B-454E-4AF8-A56E-8FB604D44683}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18855A1B-1FAC-4E47-A455-671C131F5719}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{910109BB-D859-4850-B98D-33E6CA5595BE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BE33889E-476C-40A7-BBAC-969309DC26B7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{36582B7E-F387-4B63-A8A8-964044E30756}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{21633CA8-0ED4-407A-BECE-4EB8517FF1ED}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{37AC8EDE-EA5C-4B0D-A7D0-97E93D3F6FC8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{B5DAB2F9-58C2-40BD-96DB-0B87B008511E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe
FirewallRules: [{DAF8E89B-D802-406E-960A-EC42D91862A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B9CD4850-F020-499D-BFB7-4CD01235FCCB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4F2BDCF0-7014-4AEA-B6CE-9AF999379DFD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{62FC7A3C-47D1-4A40-830B-DFFA5692FA82}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{62C9366D-7C1E-498A-A1A5-A7FF6BFF32CA}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{84829FE3-3CE6-42D9-91CD-EB5E60EFCF38}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E774B5D9-8750-453E-B3AD-F5434FE4B436}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{146486EA-1F7E-4BDC-BA18-DDE01F0B53CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1E682495-DCF9-4F24-814E-3C3EE3DED619}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B56A9F86-B30E-471B-9C68-9BA42AE27522}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8861745E-1460-4356-A2E4-9C6D4B63F484}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
14-02-2017 12:42:01 Scheduled Checkpoint
15-02-2017 11:38:43 Revo Uninstaller's restore point - Advanced Monitoring Agent Network Management
15-02-2017 11:46:56 Revo Uninstaller's restore point - Adobe Photoshop CS5.1
15-02-2017 11:57:24 Revo Uninstaller's restore point - Ask Toolbar Updater
15-02-2017 11:59:03 Revo Uninstaller's restore point - Java 8 Update 111
15-02-2017 11:59:28 Removed Java 8 Update 111
15-02-2017 12:00:51 Revo Uninstaller's restore point - Java 8 Update 91
15-02-2017 12:09:29 Revo Uninstaller's restore point - Managed Antivirus
15-02-2017 12:10:15 Removed Managed Antivirus.
15-02-2017 12:13:15 Revo Uninstaller's restore point - PDF Writer Packages
15-02-2017 12:14:37 Revo Uninstaller's restore point - VideoPlayer v2.0.6
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2017 05:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03
Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920
Exception code: 0xc0000005
Fault offset: 0x0010025c
Faulting process id: 0x1ce0
Faulting application start time: 0x01d2893f7a2350d1
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll
Report Id: dc6e875b-41f4-4cf2-b353-2068b0bae73e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2017 04:56:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNINST~1.EXE, version: 2.8.0.1, time stamp: 0x4d63f57c
Faulting module name: USER32.dll, version: 10.0.10586.713, time stamp: 0x58340060
Exception code: 0xc0000005
Fault offset: 0x0000000000025322
Faulting process id: 0xd10
Faulting application start time: 0x01d2893ebedca445
Faulting application path: C:\PROGRA~1\PDFCRE~1\Actual\UNINST~1.EXE
Faulting module path: C:\WINDOWS\system32\USER32.dll
Report Id: dcfbd2db-41b9-4053-b69d-c6f966d61866
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2017 04:56:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - PDF Creator; Error = 0x8007043c).
 
Error: (02/17/2017 04:53:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Managed Antivirus; Error = 0x8007043c).
 
Error: (02/17/2017 04:53:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Managed Antivirus; Error = 0x8007043c).
 
Error: (02/17/2017 04:51:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - GFI LanGuard 11 Agent; Error = 0x8007043c).
 
Error: (02/17/2017 04:51:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Amazon 1Button App; Error = 0x8007043c).
 
Error: (02/17/2017 04:49:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Advanced Monitoring Agent Network Management; Error = 0x8007043c).
 
Error: (02/17/2017 04:48:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONSNO2)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2017 02:18:59 PM) (Source: SupremoSystem.exe) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (02/17/2017 05:02:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Managed Antivirus service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/17/2017 05:00:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The gfi_lanss11_attservice service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/17/2017 05:00:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (02/17/2017 04:59:02 PM) (Source: DCOM) (EventID: 10005) (User: RONSNO2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/17/2017 04:59:01 PM) (Source: DCOM) (EventID: 10005) (User: RONSNO2)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/17/2017 04:58:59 PM) (Source: DCOM) (EventID: 10005) (User: RONSNO2)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/17/2017 04:57:58 PM) (Source: DCOM) (EventID: 10005) (User: RONSNO2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/17/2017 04:56:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2017 04:56:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (02/17/2017 04:56:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-17 14:18:56.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-15 14:37:49.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-15 12:14:38.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:37.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:32.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-15 12:14:31.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-31 04:20:39.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-31 03:42:29.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16346.09 MB
Available physical RAM: 13010.56 MB
Total Virtual: 32730.09 MB
Available Virtual: 29255.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.97 GB) (Free:817.38 GB) NTFS
Drive f: (Second Drive) (Fixed) (Total:232.88 GB) (Free:158.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: FA85FEBC)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D9E0F84)
Partition 1: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

Edited by TimB48, 17 February 2017 - 12:32 PM.


#26 satchfan

satchfan

  • Malware Response Team

Posted 17 February 2017 - 12:39 PM

These are still installed:

Ask Toolbar Updater
PDF Writer Packages


Is there a problem removing them?




#27 TimB48

TimB48
  • Topic Starter

  • Members

Posted 18 February 2017 - 05:39 AM

Revo does not see Ask or PDF. I cannot see them in Windows apps either. Each time I try and run the fix a different app appears not to uninstall.


Edited by TimB48, 18 February 2017 - 07:57 AM.


#28 satchfan

satchfan

  • Malware Response Team

Posted 18 February 2017 - 10:06 AM

Let's tidy up some more.

 

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
Failed to access process -> iCloudDrive.exe
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
S2 gfi_lanss11_attservice; "C:\PROGRA~2\ADVANC~1\patchman\11\lnssatt.exe" -service [X]
S2 SBAMSvc; C:\PROGRA~2\ADVANC~1\managedav\SBAMSvc.exe [X]
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2017-02-10] (GFI Software)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
2017-02-15 14:45 - 2016-03-04 11:26 - 00032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-02-15 14:45 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-02-17 16:54 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-17 16:52 - 2016-12-06 10:34 - 00000000 ____D C:\ProgramData\GFI
2017-02-10 16:38 - 2016-12-06 10:34 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc
C:\Program Files (x86)\Advanced Monitoring Agent
C:\WINDOWS\System32\drivers\gfiark.sys
C:\WINDOWS\System32\drivers\gfibto.sys
C:\WINDOWS\System32\drivers\gfiutil.sys
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop (Fixlog.txt); please post it in your reply.

===================================================

Run Zemana AntiMalware

Download Zemana AntiMalware:

  • open the program and without changing any options, press Scan
  • after the scan is finished, if threats are detected press Next to remove them

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • open Zemana AntiMalware again and locate the latest report
  • please paste the contents into your reply.

Logs to include with next post:

Fixlog.txt
Zemana AntiMalware result


Can you tell me how the computer is running now?

Thanks

Satchfan

 




#29 TimB48


Posted 18 February 2017 - 12:05 PM

I ran FRST but the fixlog does not appear complete and FRST was still running. Did it in safe mode. Should I run it again? Have not run Zemana as yet. 

Fixlog.txt copied for info.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
Ran by Ron (18-02-2017 16:51:02) Run:4
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available Profiles: Ron & UpdatusUser)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CloseProcesses:
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
Failed to access process -> iCloudDrive.exe
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-08-03] ()
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8833536 2016-08-29] (Remote Monitoring)
S2 gfi_lanss11_attservice; "C:\PROGRA~2\ADVANC~1\patchman\11\lnssatt.exe" -service [X]
S2 SBAMSvc; C:\PROGRA~2\ADVANC~1\managedav\SBAMSvc.exe [X]
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2017-02-10] (GFI Software)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
2017-02-15 14:45 - 2016-03-04 11:26 - 00032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-02-15 14:45 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2017-02-17 16:54 - 2016-12-06 10:33 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent
2017-02-17 16:52 - 2016-12-06 10:34 - 00000000 ____D C:\ProgramData\GFI
2017-02-10 16:38 - 2016-12-06 10:34 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [240]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2022913626-2766758768-741264458-1003\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc
C:\Program Files (x86)\Advanced Monitoring Agent
C:\WINDOWS\System32\drivers\gfiark.sys
C:\WINDOWS\System32\drivers\gfibto.sys
C:\WINDOWS\System32\drivers\gfiutil.sys
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe => No running process found
C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe => No running process found
Failed to access process -> iCloudDrive.exe => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdvancedMonitoringSysTray => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iCloudDrive => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-2022913626-2766758768-741264458-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully


#30 satchfan


Posted 18 February 2017 - 03:44 PM

Try running the fix in safe mode and then run Zemana.






