
REMOVE THE SMARTSERVICE TROJAN



#1 jrnewman


Posted 13 December 2017 - 10:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Dr. Ron (administrator) on DRRON-PC (13-12-2017 10:07:03)
Running from C:\Users\Dr. Ron\Desktop
Loaded Profiles: Dr. Ron (Available Profiles: Dr. Ron & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 10586.916 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
() C:\Windows\KMS-R@1n.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\System32\tprdpw64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(ELLS LLC) C:\Users\Dr. Ron\AppData\Local\WeatherBuddy\WeatherBuddy.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe
(BitTorrent Inc.) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Users\Dr. Ron\AppData\Local\qefmvum\ct.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Opera Software) C:\Program Files\Opera\launcher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8008.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
Failed to access process -> launcher.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
() C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Run: [uTorrent] => C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-11-29] (BitTorrent Inc.)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15347688 2017-06-22] (Plex, Inc.)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Run: [WeatherBuddy] => C:\Users\Dr. Ron\AppData\Local\WeatherBuddy\WeatherBuddy.exe [3986944 2017-08-02] (ELLS LLC)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTRAY.EXE [574408 2017-06-05] (ZONER software)
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\MountPoints2: {880071a5-3b1c-11e7-85fe-84349776af8c} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\rwp.chm
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2017-05-21]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{1c20f7eb-44ff-45bc-8aae-10af56e43c07}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{5e02c347-3006-4f70-a2b2-908c1dea75f6}: [DhcpNameServer] 192.168.1.1 209.18.47.61
Tcpip\..\Interfaces\{b6a5f8a6-094f-4055-ad4b-fcbded384462}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{f5541742-b6b1-460d-be33-6bd86012554e}: [DhcpNameServer] 192.168.1.1 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1937093168-1187263909-1636579775-1000 -> {BB0DB886-9C8F-4516-AD0A-D117E71AE811} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-02] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: cm4x5zky.default-1504288135233
FF ProfilePath: C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 [2017-12-12]
FF Homepage: Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 -> moz-extension://1897797a-2b20-41dd-8c8e-ce012d44ec10/dynamicHomePage.html
FF NewTabOverride: Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 -> Enabled: _1cMembers_@www.bringmesports.com
FF NewTabOverride: Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 -> Enabled: _dbMembers_@free.getformsonline.com
FF NewTabOverride: Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 -> Enabled: @TV
FF NewTabOverride: Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233 -> Enabled: @Weather
FF Extension: (Forms) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\@FormsApp.xpi [2017-11-27]
FF Extension: (TV) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\@TV.xpi [2017-11-28]
FF Extension: (Weather) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\@Weather.xpi [2017-11-27]
FF Extension: (Weatherly) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\@Weatherly.xpi [2017-10-19] [Legacy]
FF Extension: (mail.com MailCheck) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\browser-mailcheck@mail.com.xpi [2017-12-02]
FF Extension: (BringMeSports) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\_1cMembers_@www.bringmesports.com.xpi [2017-11-25]
FF Extension: (GetFormsOnline) - C:\Users\Dr. Ron\AppData\Roaming\Mozilla\Firefox\Profiles\cm4x5zky.default-1504288135233\Extensions\_dbMembers_@free.getformsonline.com.xpi [2017-11-25]
FF ProfilePath: C:\Users\Dr. Ron\AppData\Roaming\Hillcrest Labs\Kylo\Profiles\bkvh0qj0.default [2017-08-04]
FF Extension: (HTTP Header Tweaker) - C:\Users\Dr. Ron\AppData\Local\Hillcrest Labs\Kylo\extensions\httpheader@kylo.tv [2017-06-21] [Legacy] [not signed]
FF Extension: (UDLR Cursor Support) - C:\Users\Dr. Ron\AppData\Local\Hillcrest Labs\Kylo\extensions\udlrcursor@kylo.tv [2017-06-21] [Legacy] [not signed]
FF Extension: (mail.com MailCheck) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\browser-mailcheck@mail.com [2017-05-18] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-02] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

R2 Dataup; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
S3 hpqwmiex; C:\Users\Dr. Ron\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [794112 2017-06-05] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-19] (HP Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-05-16] () [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1987048 2017-06-22] (Plex, Inc.)
R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [506680 2017-02-19] ()
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2017-06-22] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-04-27] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Dr. Ron\AppData\Local\qefmvum\ct.exe [689152 2017-05-17] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R1 b32e9b7a327f57d9c824e110db5f5681; C:\WINDOWS\system32\drivers\b32e9b7a327f57d9c824e110db5f5681.sys [66408 2017-05-24] (QEVUBJ) <==== ATTENTION
S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 tsusbhub; C:\WINDOWS\system32\drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [13344 2017-05-21] (Rsupport Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-13] (HP)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
U3 idsvc; no ImagePath
S1 idszmudf; \??\C:\WINDOWS\system32\drivers\idszmudf.sys [X]
U3 wpcsvc; no ImagePath
S1 xjwmwkqk; \??\C:\WINDOWS\system32\drivers\xjwmwkqk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 10:21 - 2017-12-13 10:22 - 083316440 _____ (Malwarebytes ) C:\Users\Dr. Ron\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2017-12-13 10:20 - 2017-12-13 10:20 - 083316440 _____ (Malwarebytes ) C:\Users\Dr. Ron\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-13 10:06 - 2017-12-13 10:06 - 000000000 ____D C:\Users\Dr. Ron\Desktop\FRST-OlderVersion
2017-12-13 09:59 - 2017-12-13 09:59 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\Dr. Ron\Desktop\flashplayer28pp_fa_install.exe
2017-12-13 09:59 - 2017-12-13 09:59 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 09:59 - 2017-12-13 09:59 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 18:35 - 2017-12-13 10:06 - 002392064 _____ (Farbar) C:\Users\Dr. Ron\Desktop\FRST64.exe
2017-12-12 18:21 - 2017-12-12 18:21 - 000000000 ____D C:\Users\Dr. Ron\Downloads\Wonder.Woman.2017.HDRip.XviD.AC3-EVO
2017-12-12 18:08 - 2017-12-12 18:08 - 000000000 ____D C:\Program Files\ESET
2017-12-12 18:06 - 2017-12-12 18:06 - 011204152 _____ (Piriform Ltd) C:\Users\Dr. Ron\Downloads\ccsetup538.exe
2017-12-12 18:04 - 2017-12-12 18:04 - 000000000 ____D C:\Users\Dr. Ron\Downloads\ESET NOD 32 Anti-Virus 4.0.468.0
2017-12-12 17:59 - 2017-12-12 18:00 - 000000000 ____D C:\Users\Dr. Ron\Downloads\Kaspersky Anti-Virus 2013
2017-12-12 17:56 - 2017-12-12 18:04 - 000062328 _____ C:\Users\Dr. Ron\Desktop\Addition.txt
2017-12-12 17:54 - 2017-12-13 10:09 - 000019381 _____ C:\Users\Dr. Ron\Desktop\FRST.txt
2017-12-12 17:54 - 2017-12-13 10:07 - 000000000 ____D C:\FRST
2017-12-12 17:54 - 2017-12-13 10:00 - 000000000 ____D C:\Users\Dr. Ron\AppData\LocalLow\uTorrent
2017-12-12 17:30 - 2017-12-12 17:35 - 000000000 ____D C:\Users\Dr. Ron\Downloads\Bitdefender Antivirus Plus, Internet Security, Total Security 2016 x86x64 + Incl Keys Dec2015 Seven7i
2017-12-09 19:16 - 2017-12-09 19:16 - 000002222 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-12-09 19:16 - 2017-12-09 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-12-09 19:15 - 2017-12-09 19:15 - 000000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2017-12-08 22:44 - 2017-12-08 22:44 - 004006125 _____ C:\Users\Dr. Ron\Downloads\Darby Home Co Moreton 48_ TV Stand with Fireplace _ Wayfair.pdf
2017-12-08 22:35 - 2017-12-08 22:35 - 000127924 _____ C:\Users\Dr. Ron\Desktop\Great Bay Home Dawson Collection Tan Twill Form Fit Recliner Slipcover-35400 - The Home Depot.pdf
2017-12-07 23:28 - 2017-12-07 23:33 - 000000000 ____D C:\Users\Dr. Ron\AppData\Roaming\FreeFileViewer
2017-12-07 18:45 - 2017-12-07 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
2017-12-07 18:44 - 2017-12-07 18:45 - 000000000 ____D C:\Program Files (x86)\FreeFileViewer
2017-12-07 18:35 - 2017-12-07 18:39 - 000000000 ____D C:\Users\Dr. Ron\Downloads\Ultra File Opener 5.6.3.131 Incl Patch + Portable [SadeemPC]
2017-12-07 00:31 - 2017-12-07 00:31 - 000006311 _____ C:\Users\Dr. Ron\Downloads\Interview Confirmation for Palmetto Health
2017-12-06 23:44 - 2017-12-06 23:44 - 017816696 _____ (Bitberry Software ) C:\Users\Dr. Ron\Downloads\ffvsetup (2).exe
2017-12-06 23:41 - 2017-12-06 23:41 - 000000028 _____ C:\Users\Dr. Ron\Downloads\Interview Confirmation for Palmetto Health (1)
2017-12-02 09:50 - 2017-12-02 09:50 - 005838920 _____ (Adobe Systems Inc.) C:\Users\Dr. Ron\Downloads\Shockwave_Installer_Slim.exe
2017-12-02 09:48 - 2017-12-02 09:48 - 000000000 ____D C:\Users\Dr. Ron\AppData\LocalLow\Sun
2017-12-02 09:47 - 2017-12-02 09:47 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-12-02 09:47 - 2017-12-02 09:47 - 000000000 ____D C:\Users\Dr. Ron\AppData\Roaming\Sun
2017-12-02 09:47 - 2017-12-02 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-02 09:46 - 2017-12-02 09:46 - 000000000 ____D C:\ProgramData\Oracle
2017-12-02 09:46 - 2017-12-02 09:46 - 000000000 ____D C:\Program Files\Java
2017-12-02 09:44 - 2017-12-02 09:45 - 070513728 _____ (Oracle Corporation) C:\Users\Dr. Ron\Downloads\jre-8u151-windows-x64.exe
2017-12-02 09:42 - 2017-12-02 09:42 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\Dr. Ron\Downloads\readerdc_en_fa_cra_install.exe
2017-12-02 09:36 - 2017-12-02 09:36 - 000117359 _____ C:\Users\Dr. Ron\Downloads\Hymns for Sunday Dec. 3, 2017
2017-12-02 09:13 - 2017-12-02 09:13 - 000117359 _____ C:\Users\Dr. Ron\Downloads\Hymns for Sunday Dec (2). 3, 2017
2017-12-02 09:10 - 2017-12-02 09:10 - 000117359 _____ C:\Users\Dr. Ron\Downloads\Hymns for Sunday Dec (1). 3, 2017
2017-12-02 09:07 - 2017-12-02 09:09 - 017816696 _____ (Bitberry Software ) C:\Users\Dr. Ron\Downloads\ffvsetup.exe
2017-12-02 09:06 - 2017-12-13 09:59 - 000000406 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2017-12-02 09:06 - 2017-12-07 18:45 - 000003176 _____ C:\WINDOWS\System32\Tasks\FreeFileViewerUpdateChecker
2017-12-02 09:05 - 2017-12-02 09:05 - 017816696 _____ (Bitberry Software ) C:\Users\Dr. Ron\Downloads\ffvsetup (1).exe
2017-11-27 21:55 - 2017-11-27 21:56 - 000311176 _____ (Mozilla) C:\Users\Dr. Ron\Downloads\Firefox Installer(1).exe
2017-11-26 15:32 - 2017-11-26 15:32 - 319553372 _____ C:\Users\Dr. Ron\AppData\Local\ACCCx4_3_0_256.zip.aamdownload
2017-11-26 15:32 - 2017-11-26 15:32 - 000003567 _____ C:\Users\Dr. Ron\AppData\Local\ACCCx4_3_0_256.zip.aamdownload.aamd
2017-11-19 08:35 - 2017-12-12 15:18 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDr. Ron.job
2017-11-19 08:35 - 2017-12-02 21:18 - 000003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDr. Ron
2017-11-19 08:32 - 2017-11-19 08:32 - 000000000 ____D C:\ProgramData\HP
2017-11-19 08:32 - 2017-11-19 08:32 - 000000000 ____D C:\Program Files\HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 10:48 - 2017-05-26 11:03 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{46F5B501-879B-43E9-AC75-7B81F27A2C16}
2017-12-13 10:26 - 2015-10-30 01:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-12-13 10:25 - 2017-05-16 21:51 - 000000000 ____D C:\Users\Dr. Ron\AppData\Local\ClassicShell
2017-12-13 10:24 - 2017-06-11 08:17 - 000000000 ____D C:\Users\Dr. Ron\AppData\Local\Adobe
2017-12-13 10:21 - 2017-06-20 09:21 - 000000370 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Dr. Ron).job
2017-12-13 10:14 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-13 10:13 - 2015-10-30 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-13 10:10 - 2017-05-17 07:58 - 000000000 ____D C:\Users\Dr. Ron\AppData\Roaming\uTorrent
2017-12-13 10:06 - 2017-05-24 19:01 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-12-13 10:06 - 2017-05-16 15:55 - 001009696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-13 10:06 - 2015-10-30 02:21 - 000000000 ____D C:\WINDOWS\INF
2017-12-13 10:04 - 2017-05-17 17:14 - 000005214 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DrRon-PC-Dr. Ron DrRon-PC
2017-12-13 10:03 - 2017-05-24 19:01 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-12-13 10:03 - 2017-05-24 19:01 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-12-13 09:59 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-13 09:59 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 09:58 - 2017-05-16 16:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-12 18:22 - 2017-05-16 18:10 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-12 18:11 - 2017-05-16 18:12 - 000000000 ____D C:\Users\Dr. Ron\AppData\LocalLow\Mozilla
2017-12-12 17:54 - 2017-06-26 14:35 - 000000000 ____D C:\WINDOWS\pss
2017-12-12 17:53 - 2017-05-16 15:56 - 000000000 ____D C:\Users\Dr. Ron
2017-12-12 17:52 - 2017-06-26 14:37 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-12 17:52 - 2017-05-16 18:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 17:52 - 2017-05-16 18:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-12 16:03 - 2017-05-24 19:01 - 000000400 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-12-12 07:16 - 2017-05-19 11:44 - 000000000 ____D C:\Users\Dr. Ron\AppData\Local\ElevatedDiagnostics
2017-12-10 22:26 - 2017-06-09 07:17 - 000000000 ____D C:\Users\Dr. Ron\AppData\Local\CrashDumps
2017-12-09 19:16 - 2017-06-11 07:02 - 000000000 ____D C:\ProgramData\Foxit Software
2017-12-08 16:03 - 2017-05-17 15:56 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-12-07 18:45 - 2017-10-15 20:39 - 000001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk
2017-12-07 18:45 - 2017-10-15 20:39 - 000001152 _____ C:\Users\Dr. Ron\Desktop\FreeFileViewer.lnk
2017-12-07 18:45 - 2017-10-15 20:39 - 000000000 ____D C:\Program Files (x86)\Unknown File Handler
2017-12-05 08:44 - 2017-07-25 12:37 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1937093168-1187263909-1636579775-1000
2017-12-05 08:44 - 2017-05-16 17:07 - 000002373 _____ C:\Users\Dr. Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 08:44 - 2017-05-16 17:07 - 000000000 ___RD C:\Users\Dr. Ron\OneDrive
2017-12-02 23:13 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-29 23:15 - 2017-05-18 16:18 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-29 11:06 - 2017-06-11 08:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-27 21:57 - 2017-09-01 13:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-27 21:57 - 2017-05-16 18:10 - 000000953 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-27 21:54 - 2017-05-16 18:10 - 000000000 ____D C:\Users\Dr. Ron\AppData\Roaming\Mozilla
2017-11-24 19:28 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-16 08:56 - 2017-06-11 08:20 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2017-07-11 18:14 - 2014-11-25 03:04 - 000238080 ____N (TODO: <Company name>) C:\Users\Dr. Ron\AMPV.dll
2017-07-11 18:14 - 2016-05-31 08:51 - 001975096 ____N () C:\Users\Dr. Ron\Setup.exe
2017-11-26 15:32 - 2017-11-26 15:32 - 319553372 _____ () C:\Users\Dr. Ron\AppData\Local\ACCCx4_3_0_256.zip.aamdownload
2017-11-26 15:32 - 2017-11-26 15:32 - 000003567 _____ () C:\Users\Dr. Ron\AppData\Local\ACCCx4_3_0_256.zip.aamdownload.aamd
2017-05-17 10:32 - 2017-05-17 10:32 - 000125952 _____ () C:\Users\Dr. Ron\AppData\Local\report

Some files in TEMP:
====================
2017-12-09 19:15 - 2017-03-31 09:26 - 003698888 _____ (Foxit Corporation) C:\Users\Dr. Ron\AppData\Local\Temp\FoxitUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-13 10:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Dr. Ron (13-12-2017 10:11:52)
Running from C:\Users\Dr. Ron\Desktop
Windows 10 Pro Version 1511 10586.916 (X64) (2017-05-16 21:36:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1937093168-1187263909-1636579775-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1937093168-1187263909-1636579775-503 - Limited - Disabled)
Dr. Ron (S-1-5-21-1937093168-1187263909-1636579775-1000 - Administrator - Enabled) => C:\Users\Dr. Ron
Guest (S-1-5-21-1937093168-1187263909-1636579775-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active@ Password Changer 8 (HKLM\...\{06DC3F36-F3F7-408E-909B-6D861D49E2E4}_is1) (Version: 8 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 14.0.8.0 - FlashPeak Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free Spider Solitaire 2016 v5.2 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.8.47.1 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1435 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Kodi) (Version:  - XBMC-Foundation)
Kylo Browser (HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\Kylo Browser) (Version: 1.1.1 - Hillcrest Labs, Inc.)
Lazesoft Recover My Password version 4.2 Unlimited Edition (HKLM-x32\...\LS-C4DC987A-47E2-487C-9F63-7E1DB5F88FC3_is1) (Version: 4.2 - Lazesoft)
MacX HD Video Converter Pro For Windows 5.9.9 (HKLM-x32\...\MacX HD Video Converter Pro For Windows_is1) (Version:  - Digiarty Software, Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Password Recovery 5.0 (HKLM-x32\...\Password Recovery 5.0) (Version:  - )
Plex Media Server (HKLM-x32\...\{0647F287-D47E-416D-930E-EA29A183A2E9}) (Version: 1.5.4016 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{594da624-b1b9-46bb-90c8-c85d7b4b4e50}) (Version: 1.5.7.4016 - Plex, Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Samsung CLX-3300 Series (HKLM-x32\...\Samsung CLX-3300 Series) (Version: 1.24 (6/15/2015) - Samsung Electronics Co., Ltd.)
Samsung CLX-3300 Series XPS (Windows 8) (HKLM-x32\...\Samsung CLX-3300 Series XPS (Windows 8)) (Version: 3.03.06.00:15 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (3/10/2015) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.12 (10/15/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.26 - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.20 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Stopping Plex (HKLM-x32\...\{EEFFB751-B423-40B0-B07F-254610266E9B}) (Version: 1.5.4016 - Plex, Inc.) Hidden
SwytShop version 1.0 (HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\...\SwytShop_Pkg2_is1) (Version: 1.0 - SwytShop) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WeatherBuddy (HKLM-x32\...\{1285CBCA-FC03-4573-A239-7A6B5F8E1BC3}) (Version: 1.0.25 - ELLS LLC) <==== ATTENTION
WiperSoft 1.1.1136.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1136.64 - WiperSoft)
WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_EN_is1) (Version: 19.1706.2.28 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [!NetFax0] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax1] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax2] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax3] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax4] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax5] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax6] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax7] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxShell64.dll [2015-03-10] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\WordPerfect Office 11\Programs\PFSE110.DLL [2003-03-07] (Novell, Inc., c/o Corel Corporation Limited)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {024048C1-3E50-45CB-8F7A-D4D23F54D6CC} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {069D46B7-AF5E-412A-B4BE-600482166046} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {06C6BDC0-4E5A-45E5-B865-749414BC8114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {0862DBE1-07E0-40D3-B9FC-F7CC782B2A87} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0A8550CD-DAB2-4224-9354-A24DDE88FF36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {1199BD83-570C-442E-9AED-F27F3802B453} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Dr. Ron) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {11D59671-84B4-4A9A-84BB-0F80F23E7DA4} - System32\Tasks\GEN_Interval => C:\Users\Dr. Ron\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] ( ) <==== ATTENTION
Task: {2DBE96CF-7550-4068-BB41-2372334FB056} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {311EAD56-9068-4E6D-8111-8424B297B270} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3151D25D-A3C2-4E7D-9E65-A617025C4D81} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {3391BE50-0D1F-4FE2-B2C8-0B7E895F76E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35DF2EE7-30A3-4D5B-BE85-0D267A546511} - System32\Tasks\HPCeeScheduleForDr. Ron => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {39D5BE29-4A2D-4777-9AA6-AA5C64EFE1C8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {403B8951-9AFC-4A01-83D4-8B4B6859514E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4255A942-E125-4035-BB8A-6BB6F37F3C2B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {434916D3-BD59-421F-9EBA-7765FBCD034D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44AD2A5A-F76B-439F-BF76-4315AD412F77} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4CFA42B8-2B34-40E2-85A4-B855E0FEFD97} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {4DB80BB3-724B-40B9-B571-4D907C894DE0} - System32\Tasks\Opera scheduled Autoupdate 1509594744 => C:\Program Files\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {4FCFC630-CB02-4DCF-BE2D-C9B90AFC1C79} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {517F0400-0775-444C-95AB-FB77BCEE2D53} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53CAE391-8E5E-46C1-B020-88B6EC0077C4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {57B73214-C5ED-4CFA-B567-0947B24AAE16} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58FB3915-6AB2-45DF-B78F-0CC9BE22BFF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {59609538-27C7-4801-9196-23D799735972} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {59AADC6E-BAA7-4FE3-A3C4-CC38C43C33AC} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {5C8411C1-994E-4B9B-B731-0BECAD7114BF} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {665644C3-CEE7-44CE-BAA4-89088A73E085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {67C871E0-F22C-447D-A3D7-B841253266D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {6A45D14C-BCA8-4636-823E-782180A56F9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6EBCD0F9-DF25-4872-A12B-74B6FEF4463C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {752D68AF-1DDA-4D7E-A3AC-3A88D9877742} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
Task: {7DD279E2-C4BB-46A0-992F-B10D5A4E2356} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {82A780BF-017F-4F28-B34A-67625AE37FDE} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-05-17] ()
Task: {85060C71-3474-47B9-8662-F3400642AF77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {878D2277-A3E5-41F3-82D9-78F2F0FC1699} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {89A4BFD1-404A-4EF8-AFF3-747B0AE1D0FC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9BEC2D10-861A-4413-ABBC-9862A3708BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9D504FBE-64B5-4239-B2F0-C9E8EB74AA00} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DrRon-PC-Dr. Ron DrRon-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {A94AEAE9-7170-4E00-8A93-9DD195B10E51} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AB58475B-0679-4261-A197-99842E3BC2C2} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {AC382F3F-300E-4DB0-8B7C-FDE05F05BD16} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B38D4DAB-C1E4-4632-938A-8EBCAB71CBE2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B66E7984-6C76-4D23-AAC9-467BE4D0F26E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {B675713F-BCA4-4332-8E61-86180CDF4980} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C692A921-BC9D-40DE-A567-B1C4ECC9DDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C845572F-11D0-451B-9B8A-4772C9B22250} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {C9FE7AE6-4B41-4FC0-BB08-C6EBDC777762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {CD7C3AFE-3A5D-4726-85A1-3531662319DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7ABF0EE-C12E-4CF9-B7BD-D2009DDD33D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DB5C4042-E0CC-441A-97B1-BED0993EB243} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E146BC9D-2030-43FB-9959-62082F758D67} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {E4E725C4-E462-4161-A2C2-D37BB81452BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {F1206799-F859-4B22-9314-E324DB233D9A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F42683EF-06CC-49D6-A98D-5B03DA4E1776} - System32\Tasks\GEN => C:\Users\Dr. Ron\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] ( ) <==== ATTENTION
Task: {FB9CF27B-EF90-4C77-A7AF-E8C5946D8761} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDr. Ron.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Dr. Ron).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-16 19:14 - 2017-03-04 00:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-17 15:55 - 2017-05-17 15:56 - 005280256 _____ () C:\WINDOWS\AutoKMS\AutoKMS.exe
2017-05-21 20:16 - 2012-01-09 06:47 - 000034304 _____ () C:\WINDOWS\System32\sst7clm.dll
2017-07-11 17:57 - 2014-08-08 04:29 - 000022528 _____ () C:\WINDOWS\System32\up00alm.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-06-22 13:02 - 2015-03-11 21:43 - 000022528 _____ () C:\WINDOWS\System32\us00alm.dll
2017-05-21 20:16 - 2014-03-20 02:31 - 001252864 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sst7cdu.dll
2017-05-16 19:14 - 2017-04-27 23:30 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-05 16:36 - 2017-01-05 16:36 - 000077824 _____ () C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-05-16 16:35 - 2017-05-16 16:35 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2017-05-21 20:25 - 2017-02-19 08:45 - 000506680 ____N () C:\WINDOWS\SysWOW64\spdsvc.exe
2017-06-22 13:02 - 2017-06-22 13:02 - 000143664 ____N () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2014-01-23 15:05 - 2014-01-23 15:05 - 008878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-05-03 16:11 - 2017-05-03 16:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2016-07-12 17:12 - 2016-07-12 17:12 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 17:22 - 2016-07-12 17:22 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-05-16 19:14 - 2017-03-03 22:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-05-16 19:13 - 2017-03-03 22:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-16 19:14 - 2017-04-27 18:46 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-16 19:14 - 2017-04-27 18:49 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-08 12:39 - 2014-09-08 12:39 - 000464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 12:38 - 2014-09-08 12:38 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-05-16 20:34 - 2017-05-16 20:36 - 000144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-06-22 12:58 - 2013-10-03 23:53 - 000734720 _____ () C:\WINDOWS\system32\SnMinDrv.dll
2017-05-21 20:16 - 2015-05-26 04:04 - 000087552 ____N () C:\WINDOWS\system32\SSDEVM64.DLL
2017-05-17 12:22 - 2017-05-17 12:22 - 000689152 ____N () C:\Users\Dr. Ron\AppData\Local\qefmvum\ct.exe
2017-09-03 18:00 - 2017-09-03 18:00 - 000892416 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-06-22 13:02 - 2016-03-23 22:56 - 002817536 ____N () C:\WINDOWS\system32\DlgSearchEngine.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-05-16 06:26 - 2012-11-06 08:47 - 000114688 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2017-12-05 08:43 - 2017-12-05 08:43 - 000102088 _____ () C:\Users\Dr. Ron\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-06-22 04:14 - 2017-06-22 04:14 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-05-16 20:34 - 2017-05-16 20:36 - 000141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2017-05-16 20:34 - 2017-05-16 20:36 - 022284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-06-22 04:14 - 2017-06-22 04:14 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-05-18 18:31 - 2016-03-20 04:02 - 009899104 _____ () C:\Program Files (x86)\Free Spider Solitaire\FreeSpider.exe
2017-05-18 18:31 - 2016-03-20 04:02 - 008608864 _____ () C:\Program Files (x86)\Free Spider Solitaire\SOL.RGF
2017-05-18 18:31 - 2016-03-20 04:02 - 000511072 _____ () C:\Program Files (x86)\Free Spider Solitaire\SOL2.RGF
2017-08-20 11:38 - 2017-08-20 11:38 - 001087488 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\Dr. Ron\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-06-20 09:11 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1937093168-1187263909-1636579775-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Dataup =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{281F59C2-81E2-4D54-B4E5-85865DAB698A}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{BFC4B33F-B723-427C-BF2D-BCB136B2FFD8}] => (Allow) LPort=53
FirewallRules: [{3468D766-685E-4CE4-9259-53DCFEDB6678}] => (Allow) LPort=53
FirewallRules: [{4522A9A9-8137-4916-852E-B93781835E8E}] => (Allow) LPort=68
FirewallRules: [{B3545055-B962-45C3-88B0-67FB4CC794CD}] => (Allow) LPort=67
FirewallRules: [{B873226C-09F7-4ABC-9281-3B4DAEC41859}] => (Allow) LPort=53
FirewallRules: [{510F081F-ED14-4961-925C-D3D5CE4EEF54}] => (Allow) LPort=1542
FirewallRules: [{A424C477-F265-4858-8E60-F068FB6EB1E3}] => (Allow) LPort=1542
FirewallRules: [{296BDF6F-C6D8-4097-AE1B-EECB89E419E3}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{5B06A56E-AC8B-4C3E-B7B1-064DE4381329}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{32F4A9CF-83C5-427C-90AE-CFD4564792F8}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{BB56E4BD-C11B-462A-8F3A-A84AF5B0E63E}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{2A9831F9-9F3F-4D1F-8833-C6BDFBC6EC20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27BBF7E7-822C-41DD-BEB1-AAB5C14E87B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96636E05-7405-4D94-A014-C68A5A0C9688}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51297958-C695-45C9-8AB7-024ABA1B3521}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0351FE3A-8EC0-4A6E-85B5-B8FF54C9FB05}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58170F95-FBD9-44C5-8CC8-4C60880DBAB9}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{263EC752-A4FA-4F55-955C-9BA4F1702E01}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C86DECA-0D8B-44AD-B11F-74DD2609EE72}] => (Allow) C:\Users\Dr. Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3679ADC-2F73-40F0-A8ED-ED47790CEB9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{44B45722-F130-494F-97EB-74C23429AAE5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{93CDD0EF-DEB8-4EF0-9B2A-CFB773153891}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE9E3214-E856-453C-82C2-C1838BA04E51}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A1705C6-C935-48A5-BE88-F6EE51F7E448}] => (Allow) F:\New folder\Microsoft Toolkit.exe
FirewallRules: [{9F30AD9B-EB71-4DC1-B2B7-AE6FB54CA5FC}] => (Allow) F:\New folder\Microsoft Toolkit.exe
FirewallRules: [{094550CC-4212-4C0F-A4EE-FF8B8B2FB7D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EE3FFD75-CC75-4204-AE62-15A05045A7DA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DA81B61B-964B-41DF-9BA0-D5FC7926A047}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B80D4FE0-25D6-4214-B733-8C9D9966F33C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5FAB5572-91E0-4B66-8074-5E99447F030A}] => (Allow) C:\Users\Dr. Ron\Documents\customer\Desktop\Microsoft Toolkit.exe
FirewallRules: [{2D4D25E0-84EF-486F-8A78-ED1E65D6BD62}] => (Allow) C:\Users\Dr. Ron\Documents\customer\Desktop\Microsoft Toolkit.exe
FirewallRules: [{FB9B0923-52F3-4FAB-B652-DC56ABDA5CD9}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{4D1FAD55-B84E-4982-9899-B315D7A13C8E}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{D02D4808-925E-4938-9506-65BE08CB0761}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{96806A83-B026-4A8C-8C5F-0AC8F6A11B69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{A104ADA6-E2C1-426C-9277-D88283F51772}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon64.exe
FirewallRules: [{AF2DB1E5-7853-489A-B316-8FE705C1410B}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon.exe
FirewallRules: [{5874EA1E-ADEB-45B2-AC68-F545E66E4CE8}] => (Allow) C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxMon64.exe
FirewallRules: [{2B415828-9EBA-4B50-B76F-BF18F8460AEE}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{DF08F7EB-37CA-4B8A-BE78-112143BB21F7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [TCP Query User{D7217DCC-E8B4-4153-8C31-E1D2A80ADFB9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{ECD1C55E-F970-44E0-B85B-A0D98BC35C17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E68403D8-D9C2-4CFB-8A2E-98893614B151}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{DFBB3B45-FAC7-48CF-8495-546088E3E764}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{D59F7CAE-93C0-4C15-970A-EEA6E187F411}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{F7F93719-DAE7-4D36-83DD-F1B13EEB5C0D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{12949652-703A-43A0-A218-A6E6B529A26C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{2E30DAD1-592A-4480-806A-A247FC1EBDA9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{3BB0E57B-F87A-4D76-A803-CAD52665BB57}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{7E3143C4-A3AF-494A-946F-D83820FE0722}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{F2C2C5E6-316A-4FEC-83DD-8693D1C8E083}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [TCP Query User{CBDDAAF2-89B5-4868-B356-4A3E865804D0}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [UDP Query User{97EB105C-42BB-46A5-A356-99104BD843B8}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [TCP Query User{918B8BB6-CDF9-4B54-B46A-1D66D68666CA}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{C0546531-BB7F-4613-9D19-37123FAE8F74}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{03F86B70-79E0-4C5A-BDE1-4B2070E1F374}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [UDP Query User{29139723-FF0C-4D4A-AC96-3666EFBE3278}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [{2935F3A8-D0EB-4A9C-BD91-73506E05A4AD}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{7A03D995-BD10-4679-950D-E0F725FB2DBB}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{0A39A34E-B71D-40D1-AEA9-E4C36F4D55C9}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{20C8658A-D69B-4365-9DD7-3C7A2FE61306}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{63CF3858-E3C8-4D9C-8AF9-F760EAC1E5D6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1F9A5C35-483E-47C3-946E-F3F50FA66095}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{D2D10F43-D023-4A5D-8EBC-FCFF48936542}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E36DAEC2-5C66-4D36-8A54-B514E789A856}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{73791923-3359-404B-AE38-76E22AF60F67}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C98EB3EE-6023-4A1B-8455-835B0215D656}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{36244945-C399-4B43-B83F-05F69BAAE6C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{7A553AE6-B791-47CD-BA46-F3C686F5F642}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{571CFA49-E152-4745-8B65-E20FE6BBBBFA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{10B4F7B9-9D67-44D2-960B-0EB33521BF01}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{9A75572D-AD11-4BEF-9016-A1993DBE0B60}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{8ED06F2A-AF44-4A86-ADC0-9B0A134CF82A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{0C6F95B8-42BC-40EE-8268-A6A9DE449922}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\WebInstallAgent\SPNTInst.exe
FirewallRules: [{867D26E0-BF88-4DF7-9C58-FA17FDEA2FBC}] => (Allow) C:\Users\Dr. Ron\AppData\Local\Temp\196661\SCPSetup\SCPSetup.exe
FirewallRules: [{A1EEF40C-A4BD-4B55-892E-3FF4C4CAFE08}] => (Allow) C:\Users\Dr. Ron\AppData\Local\Temp\196661\SCPSetup\SCPSetup.exe
FirewallRules: [{483B4E8C-7EE6-4AC8-8FA1-87870C7B1F8E}] => (Allow) C:\Users\Dr. Ron\AppData\Local\Temp\196661\SCPSetup\SCPSetup.exe
FirewallRules: [{65E70F2C-191D-42E2-A751-DAE319D836F0}] => (Allow) C:\Users\Dr. Ron\AppData\Local\Temp\196661\SCPSetup\SCPSetup.exe
FirewallRules: [TCP Query User{ADFEEB5F-870C-45F5-AED3-8D24735AA89B}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{2C45F3A4-6D1B-468B-A94C-35A7A8CDCB22}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{C5ADDCFF-7F10-43B9-B601-9C33704D3F56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{989DF835-2EC2-43E0-BF4C-CC393ECA93B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{30ABD1D3-CBF0-4460-9546-A54C7170EAB1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{201FAF1D-F2E4-4FE8-9CEA-6C39E85C9A86}] => (Allow) C:\Program Files\Opera\48.0.2685.52\opera.exe
FirewallRules: [{A34F6C58-A5EA-49B8-B204-698170034149}] => (Allow) C:\Program Files\Opera\48.0.2685.52_0\opera.exe
FirewallRules: [{91F2CE96-4748-4199-ACB9-E06BF6466241}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{35B86420-E05E-4B0E-950C-F7DF0D632DE9}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe
FirewallRules: [{5526BC3E-D5B9-4DDE-95B3-BB0C51F3B743}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

23-11-2017 15:00:47 Scheduled Checkpoint
02-12-2017 23:07:59 Scheduled Checkpoint
12-12-2017 18:06:43 Installed ESET NOD32 Antivirus

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2017 10:11:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.6.0.0, time stamp: 0x5610111d
Faulting module name: KERNELBASE.dll, version: 10.0.10586.916, time stamp: 0x59029143
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x6c4
Faulting application start time: 0x01d37422eaa89589
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 297752c5-eae5-4984-96c1-5622215003cf
Faulting package full name:
Faulting package-relative application ID:

Error: (12/13/2017 10:10:57 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ##.#IA(System.String)
   at ##.#ty()
   at #j.#Lf.#Jf(#P.#cb, System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ##.#ay(System.String, Boolean, Boolean, Boolean, System.String, System.String, System.String, Boolean, Boolean, System.String, Int32, #P.#cb, Boolean, Boolean)
   at ##.#GA(#Eb.#Eb)
   at #Eb.#e.#d()

Error: (12/13/2017 10:04:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Faulting module name: launcher.exe, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Exception code: 0x80000003
Fault offset: 0x0000000000040476
Faulting process id: 0x994
Faulting application start time: 0x01d374239bdffca7
Faulting application path: C:\Program Files\Opera\launcher.exe
Faulting module path: C:\Program Files\Opera\launcher.exe
Report Id: c3c63d27-f89e-4482-b179-0af6f362d583
Faulting package full name:
Faulting package-relative application ID:

Error: (12/13/2017 09:59:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DrRon-PC)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2017 09:59:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DrRon-PC)
Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2017 09:59:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DrRon-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2017 09:59:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DrRon-PC)
Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2017 10:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Faulting module name: launcher.exe, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Exception code: 0x80000003
Fault offset: 0x0000000000040476
Faulting process id: 0x1b68
Faulting application start time: 0x01d374281107b334
Faulting application path: C:\Program Files\Opera\launcher.exe
Faulting module path: C:\Program Files\Opera\launcher.exe
Report Id: 0bd110aa-ebeb-4808-8d7f-50d90bcb5a17
Faulting package full name:
Faulting package-relative application ID:

Error: (12/13/2017 10:53:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Online-Guardian.exe, version: 2.0.9.0, time stamp: 0x58998359
Faulting module name: ntdll.dll, version: 10.0.10586.672, time stamp: 0x580efaf8
Exception code: 0xc0000005
Fault offset: 0x00041385
Faulting process id: 0x3a38
Faulting application start time: 0x01d3742a7392ff18
Faulting application path: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b37ed2e3-6baf-43d5-a364-9634d67d1eb9
Faulting package full name:
Faulting package-relative application ID:

Error: (12/13/2017 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: launcher.exe_Opera Internet Browser, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Faulting module name: launcher.exe, version: 48.0.2685.52, time stamp: 0x59ee3b6c
Exception code: 0x80000003
Fault offset: 0x0000000000040476
Faulting process id: 0x166c
Faulting application start time: 0x01d374250fc905e9
Faulting application path: C:\Program Files\Opera\launcher.exe
Faulting module path: C:\Program Files\Opera\launcher.exe
Report Id: 06bf63a5-fa15-481c-9594-a74c80958039
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/13/2017 10:05:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.

Error: (12/13/2017 10:05:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.

Error: (12/13/2017 10:04:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.

Error: (12/13/2017 10:02:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error:
The requested resource is in use.

Error: (12/13/2017 09:59:56 AM) (Source: DCOM) (EventID: 10010) (User: DrRon-PC)
Description: The server Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca did not register with DCOM within the required timeout.

Error: (12/13/2017 09:59:48 AM) (Source: DCOM) (EventID: 10010) (User: DrRon-PC)
Description: The server CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.

Error: (12/13/2017 09:59:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
The requested resource is in use.

Error: (12/13/2017 09:59:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/13/2017 10:25:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_42c730 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/13/2017 10:25:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_42c730 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-10-15 20:52:06.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-15 20:42:33.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-27 08:34:22.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-25 12:04:47.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-24 10:20:13.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-18 15:20:40.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-06 16:05:18.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-04 09:07:56.866
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-02 17:49:58.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-01 18:18:17.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6005.86 MB
Available physical RAM: 3676.56 MB
Total Virtual: 12149.86 MB
Available Virtual: 9805.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.14 GB) (Free:581.48 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 10A444CC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=675.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)

==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team

Posted 14 December 2017 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

If all went well and the "mbar-log-TODAY'S-DATE.txt" log was created, restart the computer normally.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, make sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Next,
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • -> I suggest you clean everything that was found.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar program one more time and attach the fresh FRST and Addition.txt logs for my review.
Make sure that the box to create an Addition.txt log is checked. This will create a fresh log.

Post the logs and let me know what problems persist.

#3 nasdaq

  • Malware Response Team

Posted 20 December 2017 - 09:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



