
Random execution of 'default' browser / or sending current browser to home-page


  • This topic is locked
13 replies to this topic

#1 reddawg69

reddawg69

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 19 January 2018 - 10:40 PM

RANDOM EXECUTION OF 'DEFAULT' BROWSER / OR SENDING CURRENT BROWSER TO 'HOME PAGE'

It's now 2018. I'm using Windows 10 version 1607. This very same issue in the post https://www.bleepingcomputer.com/forums/t/519342/default-internet-browser-keeps-opening-randomly/ has been plaguing me for several months.

My 'default' browser is set to Microsoft Edge.

If I am running a non-browser app, then Microsoft Edge (ME) will open randomly to its set startup page. It won't go to a bogus URL ... just the main page as configured in my ME settings.

If, on the other hand, I am working with Firefox or Chrome or Opera, that browser will randomly go to the 'home page' as defined in that browser's settings.

Every available malware-detection app already mentioned in previous posts here has been run and no issues detected.

Checking and repairing the integrity of my system using DISM and SFC both do nothing to fix the issue.

I'm almost certain this issue is caused by the Windows 10 OS trying to get out on the internet to do something. Whatever this 'something' is, it is unsuccessful and it only gets as far as activating the browser 'home page'.

Has anyone got any suggestions as to how to resolve this issue?

TIA
John
 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 21 January 2018 - 09:58 AM

Greetings John and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Now that you have already started a topic, please follow the steps as outlined here. Make sure to copy and paste both logs in your reply. If you receive an error message that the content is too long, simply post each report in a separate reply.

Edited by Oh My!, 21 January 2018 - 10:02 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 reddawg69

reddawg69
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:17 AM

Posted 21 January 2018 - 10:57 PM

Here are my logs

FRST.TXT

==================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by zed (administrator) on SMASHPALACE (22-01-2018 15:23:37)
Running from C:\Users\zed\Downloads
Loaded Profiles: zed (Available Profiles: admin & cha & me & zed & chanmar & fix & fred)
Platform: Windows 10 Home Version 1607 14393.1884 (X64) Language: English (United States)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Privacyware/PWI, Inc.) C:\Users\zed\Program Files\Privatefirewall\pfsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Privacyware/PWI, Inc.) C:\Users\zed\Program Files\Privatefirewall\PFGUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Farbar) C:\Users\zed\Downloads\Farbar Recovery(FRST64).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8505088 2015-07-03] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [Privatefirewall] => C:\Users\zed\Program Files\Privatefirewall\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Command Processor: chcp 1252 <==== ATTENTION
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-16] (Piriform Ltd)
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\Policies\system: [EnableLUA] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2018-01-01] ()
Startup: C:\Users\zed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe.lnk [2017-11-20]
ShortcutTarget: ctfmon.exe.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
Startup: C:\Users\zed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pspfix_Main.exe.lnk [2017-02-11]
ShortcutTarget: pspfix_Main.exe.lnk -> D:\DOCUMENTS\Win10config\pspfix_Main.exe ()
Startup: C:\Users\zed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartUp.lnk [2017-08-05]
ShortcutTarget: StartUp.lnk -> C:\Users\zed\StartUp.bat ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.97.78.43 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{d508c679-7d9c-4888-bbbf-870b68425894}: [NameServer] 203.97.78.43,203.97.78.44
Tcpip\..\Interfaces\{d508c679-7d9c-4888-bbbf-870b68425894}: [DhcpNameServer] 203.97.78.43 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-3083505196-1154493879-1801792328-1014] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {79C137C9-A295-4BB1-BCE3-4398F55BD104} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {79C137C9-A295-4BB1-BCE3-4398F55BD104} URL =
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-15] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-08-27] (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3083505196-1154493879-1801792328-1014 -> about:tabs

FireFox:
========
FF DefaultProfile: redirect_test
FF ProfilePath: P:\BETA [not found] <==== ATTENTION
FF ProfilePath: P:\RAW [not found] <==== ATTENTION
FF ProfilePath: P:\ZOG_FIREFOX [2018-01-21]
FF Homepage: P:\ZOG_FIREFOX -> file:///C:/Users/zed/DOCUMENTS/homepage.html
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\close-all-tabs-single@codefisher.org.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\{08fb86c7-5590-40b1-ba0f-22917b9a5faf}.xpi [2018-01-03] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\{6f4c858b-8034-4797-89f2-54dc2ff06404}.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-11-04] [not signed]
FF ProfilePath: P:\NIGHTLY [2018-01-22]
FF Homepage: P:\NIGHTLY -> file:///C:/Users/zed/DOCUMENTS/homepage.html
FF Extension: (No Name) - P:\NIGHTLY\Extensions\close-all-tabs-single@codefisher.org.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\NIGHTLY\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2018-01-11] [not signed]
FF Extension: (No Name) - P:\NIGHTLY\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\NIGHTLY\Extensions\{08fb86c7-5590-40b1-ba0f-22917b9a5faf}.xpi [2018-01-03] [not signed]
FF Extension: (No Name) - P:\NIGHTLY\Extensions\{6f4c858b-8034-4797-89f2-54dc2ff06404}.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\NIGHTLY\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-11-04] [not signed]
FF ProfilePath: P:\ZOG_FIREFOX_V51 [2018-01-21]
FF Homepage: P:\ZOG_FIREFOX_V51 -> about:support
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\@degoogle.xpi [2017-03-12] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\jid1-Yw7IzTjakkfy2g@jetpack.xpi [2017-03-06] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\nojavascript@china-cheats.xpi [2017-03-06] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\tableft@extension.zb3.pl.xpi [2017-03-06] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\uBlock0@raymondhill.net.xpi [2017-03-06] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V51\Extensions\yesscript@userstyles.org.xpi [2017-03-06] [not signed]
FF ProfilePath: P:\ZOG_FIREFOX_V56 [2018-01-21]
FF Homepage: P:\ZOG_FIREFOX_V56 -> about:blank
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\closealltabs@michael.grafl.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\jid1-29GIO3byutyhpw@jetpack.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\jid1-Yw7IzTjakkfy2g@jetpack.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\nojavascript@china-cheats.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\tableft@extension.zb3.pl.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\uBlock0@raymondhill.net.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\yesscript@userstyles.org.xpi [2017-11-04] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V56\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-11-04] [not signed]
FF ProfilePath: P:\ZOG_FIREFOX_V57 [2018-01-22]
FF Homepage: P:\ZOG_FIREFOX_V57 -> file:///C:/Users/zed/DOCUMENTS/homepage.html
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\close-all-tabs-single@codefisher.org.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2018-01-11] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\uBlock0@raymondhill.net.xpi [2018-01-14] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\{08fb86c7-5590-40b1-ba0f-22917b9a5faf}.xpi [2018-01-03] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\{6f4c858b-8034-4797-89f2-54dc2ff06404}.xpi [2017-12-15] [not signed]
FF Extension: (No Name) - P:\ZOG_FIREFOX_V57\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-11-04] [not signed]
FF ProfilePath: P:\ZOG_FIREFOX_V50 [2018-01-21]
FF ProfilePath: C:\Users\zed\FirefoxProfiles\redirect_test [2018-01-22]
FF Homepage: C:\Users\zed\FirefoxProfiles\redirect_test -> file:///C:/Users/zed/apage.html
FF Extension: (Avira Browser Safety) - C:\Users\zed\FirefoxProfiles\redirect_test\Extensions\abs@avira.com [2018-01-09]
FF Extension: (No Name) - C:\Users\zed\FirefoxProfiles\redirect_test\Extensions\close-all-tabs-single@codefisher.org.xpi [2017-12-03] [not signed]
FF Extension: (No Name) - C:\Users\zed\FirefoxProfiles\redirect_test\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2017-12-03] [not signed]
FF Extension: (No Name) - C:\Users\zed\FirefoxProfiles\redirect_test\Extensions\uBlock0@raymondhill.net.xpi [2017-12-03] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll [2016-11-28] (LastPass)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll [2016-11-28] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
StartMenuInternet: Firefox-1D24DA2F4B67EB33 - C:\Users\zed\Program Files\Mozilla Firefox 56.0.2 32-bit\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.cha - C:\Users\cha\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apache CouchDB; C:\CouchDB\bin\nssm.exe [331264 2016-07-19] () [File not signed]
S4 Apache2.4; C:\Apache24\bin\httpd.exe [28160 2017-06-04] (Apache Software Foundation) [File not signed]
S4 ArangoDB; c:\Users\zed\Program Files\ArangoDB\usr\bin\arangod.exe [28333568 2017-06-20] () [File not signed]
S4 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2010-02-04] () [File not signed]
S4 CouchbaseServer; C:\Program Files\Couchbase\Server\erts-5.10.4.0.0.1\bin\erlsrv.exe [162304 2016-07-10] () [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-23] (Hewlett-Packard Company) [File not signed]
S4 MongoDB; C:\mongodb\bin\mongod.exe [27534848 2017-06-13] (MongoDB, Inc) [File not signed]
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S4 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39334400 2017-03-18] () [File not signed]
S4 nodejs.exe; C:\Apache24\htdocs\daemon\nodejs.exe [59392 2017-08-12] (CloudBees, Inc.) [File not signed]
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
R2 PFNet; C:\Users\zed\Program Files\Privatefirewall\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-03] (Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
S4 postgresql-9.6; "C:\Program Files (x86)\PostgreSQL\9.6\bin\pg_ctl.exe" runservice -N "postgresql-9.6" -D "C:\Program Files (x86)\PostgreSQL\9.6\data" -w
S4 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Capsax64Drv; C:\WINDOWS\System32\Drivers\Capsax64Drv.sys [53616 2017-07-11] (Colasoft Co., Ltd.)
R0 dcrypt; C:\WINDOWS\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-17] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U5 PROCMON20; C:\Windows\System32\Drivers\PROCMON20.sys [59784 2016-08-15] (Sysinternals - www.sysinternals.com) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-12-22] (Sysinternals - www.sysinternals.com)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-17] (Realtek )
R1 SafeRamDisk; C:\WINDOWS\System32\drivers\safe_ramdisk_x64.sys [21504 2016-12-15] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-03-31] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-08-12] (IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-17] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-17] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 15:01 - 2018-01-22 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2018-01-22 13:40 - 2018-01-22 13:43 - 000046432 _____ C:\Users\zed\Downloads\Addition.txt
2018-01-22 13:37 - 2018-01-22 15:25 - 000018891 _____ C:\Users\zed\Downloads\FRST.txt
2018-01-22 13:35 - 2018-01-22 15:23 - 000000000 ____D C:\FRST
2018-01-22 13:29 - 2018-01-22 13:30 - 002393088 _____ (Farbar) C:\Users\zed\Downloads\Farbar Recovery(FRST64).exe
2018-01-21 11:06 - 2018-01-21 11:06 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-01-21 11:04 - 2018-01-21 11:05 - 002376368 _____ (Kaspersky Lab) C:\Users\zed\Downloads\kaspersky(kfa18.0.0.405aben_12579).exe
2018-01-18 23:03 - 2018-01-18 23:03 - 008198432 _____ (Malwarebytes) C:\Users\zed\Downloads\adwcleaner_7.0.6.0.exe
2018-01-18 08:52 - 2018-01-18 08:52 - 000000000 ____D C:\ProgramData\Privacyware
2018-01-18 08:52 - 2018-01-18 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2018-01-17 16:31 - 2018-01-17 16:31 - 000406582 _____ C:\Users\zed\startmenu.diagcab
2018-01-17 16:07 - 2018-01-17 16:07 - 000406582 _____ C:\Users\chanmar\Downloads\startmenu.diagcab
2018-01-16 07:45 - 2018-01-16 07:47 - 053564880 _____ C:\Users\zed\Downloads\torbrowser-install-7.0.11_en-US.exe
2018-01-11 08:19 - 2017-12-29 08:34 - 000000958 _____ C:\WINDOWS\StartUp.bat
2018-01-09 09:00 - 2018-01-21 10:52 - 000000000 ____D C:\ProgramData\Avg
2018-01-09 09:00 - 2018-01-09 09:00 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\zed\Downloads\AVG_Protection_Free_1606.exe
2018-01-07 15:58 - 2018-01-07 15:58 - 000001354 _____ C:\Users\Public\Desktop\Firefox 57.0.4 32bit.lnk
2018-01-07 15:53 - 2018-01-07 15:54 - 035755960 _____ (Mozilla) C:\Users\zed\Downloads\Firefox Setup 57.0.4(32bit).exe
2018-01-01 23:53 - 2018-01-18 08:27 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-12-29 10:27 - 2017-12-30 00:51 - 000001370 _____ C:\Users\Public\Desktop\Firefox 57.0.3 32bit.lnk
2017-12-29 10:24 - 2017-12-29 10:25 - 035736776 _____ (Mozilla) C:\Users\zed\Downloads\Firefox Setup 57.0.3(32bit).exe
2017-12-28 15:59 - 2017-12-28 15:59 - 000000000 ____D C:\Users\zed\AppData\LocalLow\Adobe
2017-12-28 15:54 - 2017-12-28 15:53 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\zed\Downloads\readerdc_en_xa_crd_install - Copy.exe
2017-12-25 18:44 - 2017-12-25 18:44 - 000001308 _____ C:\Users\Public\Desktop\Firefox Nightly.lnk
2017-12-25 18:38 - 2018-01-13 23:23 - 039182064 _____ (Mozilla) C:\Users\zed\Downloads\firefox-59.0a1.en-US.win32.installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 15:11 - 2016-08-10 19:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-22 15:04 - 2016-08-10 19:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-22 15:02 - 2016-07-16 19:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-01-22 14:32 - 2016-07-17 00:45 - 000000000 ____D C:\WINDOWS\INF
2018-01-22 14:08 - 2016-07-17 00:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-22 14:07 - 2016-11-17 12:50 - 000000000 ____D C:\Program Files\Common Files\AV
2018-01-22 14:07 - 2015-10-30 19:28 - 000000000 ____D C:\Users\Default.migrated
2018-01-22 13:36 - 2017-02-11 09:17 - 000000000 ____D C:\Users\zed\AppData\LocalLow\Mozilla
2018-01-22 11:37 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-21 11:12 - 2017-02-05 09:16 - 000000000 ____D C:\Users\zed
2018-01-21 00:09 - 2017-03-10 19:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-21 00:09 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-20 19:58 - 2017-06-17 10:32 - 000001318 _____ C:\Users\zed\Desktop\Control Panel.lnk
2018-01-20 19:52 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-20 19:05 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-20 12:01 - 2016-09-17 11:03 - 000000000 ____D C:\Users\zed\databases
2018-01-19 15:20 - 2017-11-30 18:17 - 000000000 ____D C:\AdwCleaner
2018-01-18 08:52 - 2017-04-11 09:29 - 000000000 ____D C:\Users\zed\Program Files
2018-01-18 08:52 - 2012-08-25 12:53 - 000002094 _____ C:\WINDOWS\ODBC.INI
2018-01-17 16:32 - 2017-12-10 18:54 - 000016713 _____ C:\Users\zed\_viminfo
2018-01-17 16:10 - 2017-08-31 14:04 - 000000000 ____D C:\Users\chanmar\AppData\LocalLow\Mozilla
2018-01-15 22:32 - 2016-09-21 11:16 - 000000000 __SHD C:\Users\Public\DRM
2018-01-09 09:44 - 2017-12-09 10:29 - 000000000 ____D C:\Users\fred
2018-01-09 09:07 - 2013-12-17 13:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-09 08:02 - 2016-09-16 13:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-06 08:57 - 2016-08-06 15:25 - 000000000 ____D C:\Users\zed\secure
2018-01-05 11:47 - 2012-05-30 09:01 - 000000000 ____D C:\temp
2018-01-05 08:59 - 2017-09-13 09:18 - 000001204 _____ C:\Users\zed\Desktop\DOCUMENTS.lnk
2018-01-01 23:48 - 2016-07-17 00:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-01 23:48 - 2009-07-14 16:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-01 23:47 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\security
2018-01-01 23:47 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-01 23:47 - 2016-07-17 00:43 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2018-01-01 23:47 - 2016-07-17 00:43 - 000147439 _____ C:\WINDOWS\system32\gpedit.msc
2018-01-01 23:47 - 2016-07-17 00:43 - 000120458 _____ C:\WINDOWS\system32\secpol.msc
2018-01-01 23:47 - 2016-07-17 00:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2018-01-01 23:47 - 2016-07-17 00:43 - 000043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2018-01-01 23:47 - 2016-07-17 00:43 - 000043566 _____ C:\WINDOWS\system32\rsop.msc
2018-01-01 23:46 - 2016-07-17 00:43 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2018-01-01 23:46 - 2016-07-17 00:43 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2018-01-01 23:45 - 2016-07-17 00:44 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-01-01 23:45 - 2016-07-17 00:44 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2018-01-01 23:45 - 2016-07-17 00:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2018-01-01 23:45 - 2016-07-17 00:44 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2018-01-01 23:45 - 2016-07-17 00:43 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-01-01 23:45 - 2016-07-17 00:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2018-01-01 23:45 - 2016-07-17 00:43 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2018-01-01 23:45 - 2016-07-17 00:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2018-01-01 16:43 - 2017-12-10 10:08 - 000002130 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2017-12-29 08:34 - 2017-02-11 10:22 - 000000958 _____ C:\Users\zed\StartUp.bat
2017-12-28 16:29 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-28 16:29 - 2016-07-17 00:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-28 16:27 - 2010-03-27 13:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-28 16:00 - 2010-03-27 13:26 - 000000000 ____D C:\ProgramData\Adobe
2017-12-28 15:59 - 2017-02-17 07:56 - 000000000 ____D C:\Users\zed\AppData\Roaming\Adobe
2017-12-28 13:26 - 2017-03-12 09:06 - 000039424 ___SH C:\Users\zed\Downloads\Thumbs.db
2017-12-24 10:31 - 2017-02-16 09:45 - 000000000 ____D C:\Users\zed\.borland

==================== Files in the root of some directories =======

2017-06-22 14:16 - 2017-06-22 14:16 - 000000000 _____ () C:\Users\zed\.mongorc.js
2017-12-03 08:57 - 2016-07-17 00:42 - 000050616 _____ (Microsoft Corporation) C:\Users\zed\ApplicationFrameHost.exe
2017-12-03 09:20 - 2016-07-17 00:42 - 000019808 _____ (Microsoft Corporation) C:\Users\zed\backgroundTaskHost.exe
2017-12-03 08:58 - 2016-07-17 00:42 - 000033616 _____ (Microsoft Corporation) C:\Users\zed\RuntimeBroker.exe
2017-02-11 10:22 - 2017-12-29 08:34 - 000000958 _____ () C:\Users\zed\StartUp.bat
2017-12-10 15:10 - 2017-12-10 15:10 - 000011554 _____ () C:\Users\zed\AppData\Roaming\CairoAppConfig.xml
2017-12-10 15:09 - 2017-12-10 15:09 - 000000255 _____ () C:\Users\zed\AppData\Roaming\CairoStacksConfig.xml
2017-05-29 15:12 - 2017-05-29 15:12 - 000037153 _____ () C:\Users\zed\AppData\Roaming\Comma Separated Values (DOS).ADR
2017-03-03 09:08 - 2017-03-03 09:08 - 000013030 _____ () C:\Users\zed\AppData\Roaming\PDOXUSRS.NET
2017-02-11 08:34 - 1997-08-01 01:00 - 000000002 _____ () C:\Users\zed\AppData\Roaming\Microsoft\ArtGalry.cag
2017-07-09 15:38 - 2017-07-09 15:38 - 000007414 _____ () C:\Users\zed\AppData\Local\recently-used.xbel
2017-03-15 15:54 - 2017-03-15 15:54 - 000000552 _____ () C:\Users\zed\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-16 22:09

==================== End of FRST.txt ============================

 

ADDITION.TXT

==================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by zed (22-01-2018 15:26:42)
Running from C:\Users\zed\Downloads
Windows 10 Home Version 1607 14393.1884 (X64) (2016-08-10 06:55:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3083505196-1154493879-1801792328-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3083505196-1154493879-1801792328-500 - Administrator - Disabled)
cha (S-1-5-21-3083505196-1154493879-1801792328-1003 - Limited - Enabled) => C:\Users\cha
chanmar (S-1-5-21-3083505196-1154493879-1801792328-1015 - Limited - Enabled) => C:\Users\chanmar
DefaultAccount (S-1-5-21-3083505196-1154493879-1801792328-503 - Limited - Disabled)
fix (S-1-5-21-3083505196-1154493879-1801792328-1016 - Limited - Enabled) => C:\Users\fix
fred (S-1-5-21-3083505196-1154493879-1801792328-1017 - Administrator - Enabled) => C:\Users\fred
Guest (S-1-5-21-3083505196-1154493879-1801792328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3083505196-1154493879-1801792328-1008 - Limited - Enabled)
me (S-1-5-21-3083505196-1154493879-1801792328-1004 - Limited - Enabled) => C:\Users\me
zed (S-1-5-21-3083505196-1154493879-1801792328-1014 - Administrator - Enabled) => C:\Users\zed

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Administrative Templates (ADMX) for Windows 10 (HKLM-x32\...\{166A4A62-D19E-4DFB-8499-FBA08716D847}) (Version: 1.0 - Microsoft Corporation)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (HKLM-x32\...\WT083492) (Version: 2.2.0.82 - WildTangent) Hidden
AoA DVD Copy (HKLM-x32\...\AoA DVD Copy_is1) (Version:  - AoAMedia)
Apache CouchDB (HKLM\...\{4CD776E0-FADF-4831-AF56-E80E39F34CFC}) (Version: 2.0.0.1 - The Apache Software Foundation)
ArangoDB3 3.1.23 (HKLM\...\ArangoDB3 3.1.23) (Version: 3.1.23 - ArangoDB GmbH)
AxCrypt 1.7.3180.0 (HKLM\...\{302F28C9-8FF9-4941-A8CE-8F35EF7576D6}) (Version: 1.7.3180.0 - Axantum Software AB)
Bejeweled 2 Deluxe (HKLM-x32\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden
BigoLiveConnector 1.0.1.2 (HKLM-x32\...\BigoLiveConnector) (Version: 1.0.1.2 - Bigo, Inc.)
Blackhawk Striker 2 (HKLM-x32\...\WT082122) (Version: 2.2.0.82 - WildTangent) Hidden
BlackWidow version 6.30 (HKLM-x32\...\{69A7A3D0-AE00-4C7E-83AC-61804FA9B7ED}_is1) (Version: 6.30 - Softbyte Labs, Inc.)
Blasterball 3 (HKLM-x32\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden
Borland C++Builder 6 (HKLM-x32\...\{2864C41B-EF2D-4640-95A2-526276524519}) (Version: 6.0 - Borland Software Corporation)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Bus Driver (HKLM-x32\...\WT082439) (Version: 2.2.0.82 - WildTangent) Hidden
Cairo Desktop Environment (HKLM\...\CairoShell) (Version: 0.3 - Cairo Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden
Couchbase Server (HKLM\...\{B457D40B-E596-E1D4-417A-4DD6219B64B0}) (Version: 4.5.1 - Couchbase, Inc.) Hidden
Couchbase Server (HKLM-x32\...\InstallShield_{B457D40B-E596-E1D4-417A-4DD6219B64B0}) (Version: 4.5.1 - Couchbase, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.9.1 - DB Browser for SQLite Team)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
doPDF (HKLM\...\{F64C9051-AF79-4416-9522-EDBE765F062C}) (Version: 8.6.942 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{413fb852-4e7d-4e52-bcaa-6270ff9a9347}) (Version: 8.6.942 - Softland)
Dora's Carnival Adventure (HKLM-x32\...\WT082133) (Version: 2.2.0.82 - WildTangent) Hidden
Escape Rosecliff Island (HKLM-x32\...\WT083484) (Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (HKLM-x32\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden
FATE (HKLM-x32\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden
FirePasswordViewer (HKLM-x32\...\{E7221074-36E4-48F1-8972-C48F687229BC}) (Version: 8.0 - SecurityXploded) Hidden
Free MP4 to MP3 Converter 1.0 (HKLM-x32\...\Free MP4 to MP3 Converter_is1) (Version:  - MediaProLab.com)
Geany 1.30.1 (HKLM-x32\...\Geany) (Version: 1.30.1 - The Geany developer team)
Go Programming Language amd64 go1.8.1 (HKLM\...\{9CE87BC4-2DCC-4ACC-8FD6-4CB2BD75ED86}) (Version: 1.8.1 - hxxps://golang.org)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
H2 (HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\H2) (Version:  - )
HHD Software Free Hex Editor Neo 6.24 (HKLM\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java™ 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java-Editor 14.05, 2017.04.21 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
JCreator Pro 5.00 (HKLM-x32\...\JCreator Pro_is1) (Version:  - Xinox Software)
jEdit 5.4.0 (HKLM\...\jEdit_is1) (Version: 5.4.0 - Contributors)
Jewel Quest 3 (HKLM-x32\...\WT082443) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 5.2.0.4 (HKLM-x32\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MongoDB 3.4.5 2008R2Plus (64 bit) (HKLM\...\{C8A84E68-77F5-4C1B-A0C4-8A7E0F5D11D6}) (Version: 3.4.5 - MongoDB)
Mozilla Firefox 56.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0.2 (x86 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Firefox 57.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.3 (x86 en-US)) (Version: 57.0.3 - Mozilla)
Mozilla Firefox 57.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.4 (x86 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 en-US)) (Version: 45.4.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MySQL Connector C++ 1.1.8 (HKLM\...\{4BFAEC5F-9E57-467F-A19F-2FF716DDC9E6}) (Version: 1.1.8 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{22F665B5-4E0A-4991-8C0A-6DB9544AE9E3}) (Version: 5.1.41 - Oracle Corporation)
MySQL Connector Net 6.9.9 (HKLM-x32\...\{E09F82E9-3EB3-4725-BDC8-3C77F83E262C}) (Version: 6.9.9 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{C59B92D2-9D0F-4F4E-9C38-021754CD2890}) (Version: 6.1.9 - Oracle Corporation)
MySQL Connector/ODBC 5.2 32bit (community edition) (HKLM-x32\...\{12A47162-DE00-4A9D-A82B-2EC881139B10}) (Version: 5.2.5 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{B3E47FBC-B036-4AC9-975E-55AA7252A7A0}) (Version: 5.7.18 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{A991DCE5-AB3B-4E9F-A58E-EF5E02742665}) (Version: 5.7.18 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{BE906937-C749-47B0-9378-C6AA2786F37D}) (Version: 1.4.19.0 - Oracle Corporation)
MySQL Notifier 1.1.7 (HKLM-x32\...\{724CDD73-430E-47DA-8F4E-7DF2000BA268}) (Version: 1.1.7 - Oracle)
MySQL Server 5.7 (HKLM\...\{2DA17C9C-993C-4A53-8C65-C05A470A2849}) (Version: 5.7.18 - Oracle Corporation)
MySQL Shell 1.0.9 (HKLM\...\{69E5F01E-8F6B-44F8-92D9-54EC39F846DA}) (Version: 1.0.9 - Oracle and/or its affiliates)
MySQL Utilities (HKLM\...\{BEDAC2EF-DBA2-4B25-857A-7DF385FA645E}) (Version: 1.6.5 - Oracle Corporation)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nightly 59.0a1 (x86 en-US) (HKLM-x32\...\Nightly 59.0a1 (x86 en-US)) (Version: 59.0a1 - Mozilla)
Node.js (HKLM\...\{8EB45FE3-A3A1-435E-9F2C-0C5373D0FD44}) (Version: 8.1.4 - Node.js Foundation)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.1 - Tracker Software Products Ltd)
Penguins! (HKLM-x32\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT082171) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT082173) (Version: 2.2.0.82 - WildTangent) Hidden
PostgreSQL 9.6  (x86) (HKLM-x32\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
psqlODBC (HKLM-x32\...\{4ADF3CE1-3B73-49E9-903C-166DEC8AB99F}) (Version: 09.06.0310 - PostgreSQL Global Development Group)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 (32-bit) (HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Add to Path (32-bit) (HKLM-x32\...\{5FEE3F00-F984-49A6-880C-CDEB3A9DC308}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2214 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registrar Registry Manager 8.03 (HKLM\...\RegistrarHome_is1) (Version:  - Resplendence Software Projects Sp.)
ResophNotes (HKLM-x32\...\{96620F43-9E25-4452-ACE8-6C408C96659B}) (Version: 1.5.7 - C.Y.Yen)
SetFileDate 2.0 (HKLM-x32\...\SetFileDate_is1) (Version:  - No Nonsense Software)
SoftStylus (HKLM-x32\...\{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}) (Version: 2.2.112.0 - Motorola)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version:  - )
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.20171.7553 - Telerik)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
VC Runtimes MSI (HKLM-x32\...\{FF29527A-44CD-3422-945E-981A13584000}) (Version: 9.0.21022 - Microsoft) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
Vim 8.0 (self-installing) (HKLM\...\Vim 8.0) (Version:  - )
Virtual Families (HKLM-x32\...\WT082188) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden
Visual Basic 5.0 Professional Edition (HKLM-x32\...\VB5) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.9.0.0 - Winaero)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.2.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.4 - The Wireshark developer community, hxxps://www.wireshark.org)
Zuma's Revenge (HKLM-x32\...\WT082463) (Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3083505196-1154493879-1801792328-1014_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\zed\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3083505196-1154493879-1801792328-1014_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\zed\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3083505196-1154493879-1801792328-1014_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\zed\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)
ContextMenuHandlers1: [gvim] -> {51EEE242-AD87-11d3-9C1E-0090278BBD99} => C:\Program Files (x86)\Vim\vim80\gvimext.dll [2016-08-29] (Tianmiao Hu's Developer Studio)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\me\Program Files\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\me\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Users\me\Program Files\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Users\me\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4A23EF54-4326-4760-9459-D8DA503BA498} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {6B221673-5BE9-4F2D-8486-8681913B2A1C} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {83040B94-980C-40EF-B25F-61251DFF1516} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {B0FA440B-2AA6-4368-B907-8760ED64EC8C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {DF37EADC-B04F-4C5F-9281-DC4050BED5F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\zed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartUp.lnk -> C:\Users\zed\StartUp.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-17 00:42 - 2016-07-17 00:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-30 12:51 - 2017-09-07 19:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 10:13 - 2016-09-07 17:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-14 23:47 - 2017-03-04 19:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\Software\Classes\.exe: exefile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-25 14:58 - 2017-07-12 10:20 - 000002093 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  doubleclick.net
127.0.0.1  www.doubleclick.net
127.0.0.1  ad.doubleclick.net
127.0.0.1  ad.au.doubleclick.net
127.0.0.1  googleads.g.doubleclick.net
127.0.0.1  pagead2.googlesyndication.com
127.0.0.1  www.googletagservices.com
127.0.0.1  www.googleadservices.com
127.0.0.1  pubads.g.doubleclick.net
127.0.0.1  cdn-ssl.vidible.tv

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\Control Panel\Desktop\\Wallpaper -> D:\DOCUMENTS\wallpapers\8zKoIOr.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RtkOSD"
HKLM\...\StartupApproved\Run: => "TinyWall Controller"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AppleSyncNotifier"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "NortonOnlineBackupReminder"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\StartupApproved\StartupFolder: => "pspfix_Main.exe.lnk"
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-10-2017 12:43:37 Windows Update
21-10-2017 17:57:07 Removed AxCrypt 1.7.3180.0
29-10-2017 15:48:49 Removed Microsoft Office 2000 SR-1 Professional
01-11-2017 13:08:55 Removed Privatefirewall 7.0
05-11-2017 11:47:38 Windows Update
05-11-2017 11:48:46 Windows Update
14-11-2017 09:04:00 Removed AxCrypt 1.7.3180.0
17-11-2017 16:18:11 Removed Privatefirewall 7.0
21-11-2017 18:21:22 Installed TinyWall
25-11-2017 23:28:29 Installed Privatefirewall 7.0
30-11-2017 17:46:19 Removed Cisco EAP-FAST Module
09-12-2017 15:33:37 Restore Operation
16-12-2017 12:38:26 Removed Borland Delphi 7
18-12-2017 17:08:23 Removed Microsoft Office 2000 SR-1 Professional
28-12-2017 16:26:26 Removed Adobe Acrobat Reader DC.
01-01-2018 23:44:04 Windows Modules Installer
18-01-2018 08:51:54 Installed Privatefirewall 7.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 03:29:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:29:07Z. Error Code: 0x80070002.

Error: (01/22/2018 03:28:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:28:37Z. Error Code: 0x80070002.

Error: (01/22/2018 03:28:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:28:07Z. Error Code: 0x80070002.

Error: (01/22/2018 03:27:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:27:37Z. Error Code: 0x80070002.

Error: (01/22/2018 03:27:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:27:07Z. Error Code: 0x80070002.

Error: (01/22/2018 03:26:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:26:37Z. Error Code: 0x80070002.

Error: (01/22/2018 03:26:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:26:07Z. Error Code: 0x80070002.

Error: (01/22/2018 03:25:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:25:37Z. Error Code: 0x80070002.

Error: (01/22/2018 03:25:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:25:07Z. Error Code: 0x80070002.

Error: (01/22/2018 03:24:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-29T02:24:37Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/22/2018 03:06:10 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:06:08 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:06:06 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:06:04 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:06:01 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:05:59 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (01/22/2018 03:04:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/22/2018 03:03:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/22/2018 03:00:21 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (01/22/2018 03:00:21 PM) (Source: DCOM) (EventID: 10001) (User: SMASHPALACE)
Description: Unable to start a DCOM Server: CortanaUI.AppXvtawfp8s388m3217mfbq5fa3myj37wpa.mca as Unavailable/Unavailable. The error:
"267"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe" -ServerName:RemindersServer


CodeIntegrity:
===================================
  Date: 2017-11-16 08:20:31.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-15 07:53:50.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-13 19:44:53.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-12 09:14:33.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-05 20:34:50.659
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 16:40:54.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-01 08:12:46.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-31 07:18:34.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 19:35:12.645
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 08:58:15.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3300 @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 1978.92 MB
Available physical RAM: 737.45 MB
Total Virtual: 3121.92 MB
Available Virtual: 2089.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.89 GB) (Free:20.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:13.9 GB) (Free:10.32 GB) NTFS
Drive e: (ARCHIVE) (Removable) (Total:3.61 GB) (Free:0.03 GB) FAT32
Drive m: () (Fixed) (Total:13.9 GB) (Free:10.32 GB) NTFS
Drive n: () (Fixed) (Total:283.89 GB) (Free:20.44 GB) NTFS
Drive p: () (Fixed) (Total:4 GB) (Free:3.34 GB) NTFS
Drive z: () (Fixed) (Total:2 GB) (Free:1.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 777FC6A1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 500A0DFF)
No partition Table on disk 1.

==================== End of Addition.txt ============================
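The Addition.txt log above marks some entries itself with `<==== ATTENTION` and records `EnableLUA: 0`, `SmartScreenEnabled: Off` and a stopped firewall service. The following Python triage is an added example, not part of the original thread and not FRST's own code: it splits such a log into its sections and lists those lines. The rule set and all function names are assumptions made for this example, and the sample input is an excerpt of the log above.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the Addition.txt log posted above, trimmed
# to a few sections so the example runs offline.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6B221673-5BE9-4F2D-8486-8681913B2A1C} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Shortcuts & WMI ========================

Shortcut: C:\Users\zed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartUp.lnk -> C:\Users\zed\StartUp.bat ()

==================== Association (Whitelisted) ===============

HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\Software\Classes\.exe: exefile =>  <==== ATTENTION

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== End of Addition.txt ============================
"""

# A section banner is a run of '=' around a title; the underline rows made only
# of '=' (e.g. under "System errors:") must not count as banners.
HEADER = re.compile(r"^={10,}\s*([^=]+?)\s*=+$")

# Triage rules chosen for this example (an assumption, not FRST's own logic).
RULES = [
    ("attention-marker", re.compile(r"<==== ATTENTION"),
     "FRST itself flagged the entry"),
    ("missing-target", re.compile(r"[-=]>\s*No File"),
     "registration points at a file that is no longer on disk"),
    ("per-user-exe-association", re.compile(r"^HKU\\[^\\]+\\Software\\Classes\\\.exe:"),
     "per-user key overriding how .exe files are opened"),
    ("startup-script", re.compile(r"\\Startup\\.+ -> .+\.(?:bat|cmd|vbs|js|ps1)\b", re.I),
     "script launched from the Startup folder at logon"),
    ("uac-disabled", re.compile(r"\(EnableLUA: 0\)"),
     "User Account Control is switched off"),
    ("smartscreen-off", re.compile(r"\(SmartScreenEnabled: Off\)"),
     "SmartScreen is switched off"),
    ("firewall-stopped", re.compile(r"Firewall Service is not running"),
     "Windows Firewall service or driver is not running"),
]


def _normalize(title):
    """Drop the '(Whitelisted)' suffix and any trailing colon from a banner title."""
    return re.sub(r"\s*\(Whitelisted\)", "", title).rstrip(": ")


def parse_sections(text):
    """Return {section title: [entry lines]} in the order the sections appear."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = HEADER.match(line)
        if banner:
            current = _normalize(banner.group(1))
            sections.setdefault(current, [])
            continue
        # Skip blanks and the parenthesised help text FRST prints under banners.
        if not line or current is None or (line.startswith("(") and line.endswith(")")):
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (rule id, section, entry) for every rule an entry matches."""
    findings = []
    for section, entries in parse_sections(text).items():
        for entry in entries:
            for rule_id, pattern, _why in RULES:
                if pattern.search(entry):
                    findings.append((rule_id, section, entry))
    return findings


def summarize(findings):
    """Count findings per rule id."""
    return Counter(rule_id for rule_id, _section, _entry in findings)


if __name__ == "__main__":
    reasons = {rule_id: why for rule_id, _p, why in RULES}
    for rule_id, section, entry in triage(SAMPLE_LOG):
        print(f"[{rule_id}] ({section}) {reasons[rule_id]}\n    {entry}")
```

A finding here only marks a line worth asking the owner about, which is how the helper proceeds in the replies that follow; it is not a verdict that the entry is malicious.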



#4 reddawg69

Posted 21 January 2018 - 11:02 PM

Oh My!

My issue has nothing to do with ANY browsers. This issue is NOT browser related.

I have completely disabled Windows Defender. I run Privacyware's Privatefirewall in lieu of Windows Defender realtime mode.



#5 reddawg69

Posted 21 January 2018 - 11:03 PM

Oh My!

I have completely removed Microsoft Edge and completely removed Cortana.

The issue persists with or without both Edge and Cortana enabled.



#6 Oh My!

  • Malware Response Instructor

Posted 22 January 2018 - 01:52 PM

Greetings.

A lot of modifications have been done to your computer and I don't know whether they were done by you. I need some clarity before we change anything on your system.

-----

Can you tell me if you recognize these?
 

FF DefaultProfile: redirect_test
FF ProfilePath: P:\BETA
FF ProfilePath: P:\RAW
P:\NIGHTLY
P:\ZOG_FIREFOX_V51
P:\ZOG_FIREFOX_V56
P:\ZOG_FIREFOX_V57
P:\ZOG_FIREFOX_V50
FF ProfilePath: C:\Users\zed\FirefoxProfiles\redirect_test [2018-01-22]
FF Homepage: C:\Users\zed\FirefoxProfiles\redirect_test -> file:///C:/Users/zed/apage.html
D:\DOCUMENTS\Win10config\pspfix_Main.exe
C:\Users\zed\Downloads\readerdc_en_xa_crd_install - Copy.exe


-----

Did you change the Command Processor Code Page to 1252 (West European Latin)?
 

HKLM\...\Command Processor: chcp 1252


-----

Did you set these?
 

URLSearchHook: [S-1-5-21-3083505196-1154493879-1801792328-1014] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 reddawg69

Posted 22 January 2018 - 10:19 PM

Hi

Part #1
-------
FF DefaultProfile: redirect_test
FF ProfilePath: P:\BETA
FF ProfilePath: P:\RAW
P:\NIGHTLY
P:\ZOG_FIREFOX_V51
P:\ZOG_FIREFOX_V56
P:\ZOG_FIREFOX_V57
P:\ZOG_FIREFOX_V50
FF ProfilePath: C:\Users\zed\FirefoxProfiles\redirect_test [2018-01-22]
FF Homepage: C:\Users\zed\FirefoxProfiles\redirect_test -> file:///C:/Users/zed/apage.html
D:\DOCUMENTS\Win10config\pspfix_Main.exe
C:\Users\zed\Downloads\readerdc_en_xa_crd_install - Copy.exe

ANSWER: Yes these changes are all mine. The Firefox (FF) profiles all sit on an encrypted Truecrypt volume (P:) and would not have been accessible during the FRST scan. The HOMEPAGE and PROFILEPATH are all part of my setup and are not an issue. pspfix_Main.exe is a small app I wrote to correct an INI file fault with PSP.EXE, an old version of Paint Shop Pro which I purchased way back last century. "readerdc_en_xa_crd_install - Copy.exe" is just a backup copy I did before running Adobe Reader "readerdc_en_xa_crd_install.exe" which self deletes after running (saves me having to download it again if it fails).

Part #2
-------

HKLM\...\Command Processor: chcp 1252

I did this. This is a simple setting in any version of Windows to force the command prompt CMD.EXE to use the desired codepage.

Part #3
-------

You asked, "Did you set these?"

ANSWER: No

My laptop was updated from Windows 7 64-bit Home Edition --to--> Windows 10 64-bit Home Edition version 1607 back in 2016/2017 and immediately after these updates there was NO ISSUE.

Windows Live Messenger was used on Windows 7 but never used on Windows 10. Windows Live was uninstalled back in August 2017 and I don't know why settings would appear in the FRST logs I did a few days ago.

*******

Thanks for your help so far. This is a baffling issue and I have seen many reports of this dating back to Windows 7 days.

There is no evidence whatsoever of any virus or trojan on my laptop. It seems that there is a setting in either the registry or the Task Scheduler which is causing this. I have monitored Task Manager when this thing does a 'batch' of random browser requests and can't see any evidence of another task running. I suspect the activation vector is via svchost.exe and svchost.exe is the 'clean' version that comes with Windows 10.

I have disabled the Task Scheduler (now currently re-enabled) to see if the issue persists ... and it does!

I'm totally stumped as to how this issue manifests itself and is extremely persistent.

As I said, I don't believe this is a virus or trojan but some Operating System 'feature' that doesn't reach its true destination and keeps on requesting a call to a browser.

I appreciate any help you can give but if this is outside your expertise then I may refer this to a Microsoft forum.

Cheers
John



#8 Oh My!

Posted 23 January 2018 - 03:26 PM

Thank you for the explanation John.

As you have stated, this may be outside my area of expertise but I don't mind taking a peek at things.

Please boot into Safe Mode without Networking and tell me if the issue persists.

Are there other devices connected to the same network and if so are there any issues?

Does this occur when you are connected to different networks?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-3083505196-1154493879-1801792328-1014] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {79C137C9-A295-4BB1-BCE3-4398F55BD104} URL =
U3 idsvc; no ImagePath
U3 iswSvc; no ImagePath
HKU\S-1-5-21-3083505196-1154493879-1801792328-1014\Software\Classes\.exe: exefile
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
cmd: type "C:\Users\zed\StartUp.bat"
cmd: type "C:\WINDOWS\StartUp.bat"
Folder: C:\Users\Public\DRM
cmd: ipconfig /all
cmd: Bitsadmin /Reset /Allusers
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Safe Mode?
  • Fixlog
  • Please describe your current browser symptoms

Edited by Oh My!, 23 January 2018 - 05:01 PM.

Gary

#9 reddawg69

Posted 25 January 2018 - 02:57 PM

Gary?

I'm still here. I want to do a safe boot with Networking disabled but I can't do this as my laptop's monitor is broken and I'm using an external monitor (configured before the laptop's screen died). So what I will do is turn off my internet wifi connection and watch my laptop for 24 hours to see if networking-off prevents the issue from occurring.

I'll PERSONAL MESSAGE you on 28 Jan 2018 when I've done this for 24 hours. I will also run the other tasks you suggested BEFORE I contact you.

Thanks mate

John



#10 Oh My!

Posted 25 January 2018 - 04:52 PM

Hi John.

The most important part is booting into Safe Mode. Without networking is just a secondary add-on.

If we can't test Safe Mode let's do the next best thing. Replace the Safe Mode steps with this:

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Clean Boot

--------------------
  • Press the Windows Key + R on your keyboard at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance?

Gary

#11 reddawg69

Posted 25 January 2018 - 05:52 PM

Gary

I think we're getting nowhere, fast.

In order for the 'issue' to manifest itself a 'process' must be running on my laptop. Things don't happen on a PC without something to trigger them. Settings in the registry and other startup places will not be 'recognized' if an APP is not running to read these settings and take action. I have shut down (disabled) about 5 services on my system including TASK SCHEDULER and BITS. This has not stopped my issue. I firmly believe this is an Operating System issue. Microsoft are running something (the 'trigger') that causes this.

Here's the logic AND IT'S *NOT* FIREFOX:

Firefox started :: Scenario #1: Firefox is the active window. Redirect to HOMEPAGE occurs and current firefox tab redirects to my 'firefox homepage' URL.

Firefox started :: Scenario #2: Firefox is NOT the active window. An attempt to redirect to default browser (MS EDGE) homepage occurs and Edge starts and goes to Edge's homepage (via setting URL in Edge).

I'm totally perplexed as to how this trigger is activating.

We can spend all year changing settings via FRST, but this issue will not be fixed until you and I determine what triggers the problem.

Thanks for your continued perseverance.

JOHN



#12 Oh My!


Posted 25 January 2018 - 09:10 PM

Greetings,

 

I understand your frustration and if you are certain this is a Microsoft issue then maybe it is best you contact them. There are some troubleshooting steps we could take but it appears you prefer to forego any potential non-Microsoft troubleshooting steps.


Gary
 

#13 Oh My!


Posted 28 January 2018 - 08:43 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#14 Oh My!


Posted 30 January 2018 - 10:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



