
No operating system detected after Windows update reboots?


  • This topic is locked
63 replies to this topic

#1 kwjamesblond

Posted 15 February 2018 - 09:45 PM

Hello, I am having issues with my Dell laptop after having to use my Acronis rescue media after I installed some community drivers for a MiniDisc player I should not have trusted last Saturday. The link is below for reference. I disabled the driver signing, then installed one of these drivers, then rebooted my PC to scan for viruses, and the laptop could not boot into Windows. It did not say "operating system not found" as it does currently. The driver did work till I rebooted. I booted into my Acronis rescue software and loaded a backup from February 1st and this went fine. Now yesterday I was out of the room my computer was in, and when I walked back in Windows 10 was doing a forced update that happens when you forget to set your active hours correctly. As soon as my laptop rebooted, a message saying "no operating system detected" appeared in the top left of my screen. I have checked the BIOS and the boot order is not messed up. I took the battery out and booted it up without it and then switched out the memory I had added last summer, and the results were the same. I decided to use my same backup from February 1st again and it loaded alright last night. This morning I updated Norton and ran every scan in that thing and nothing turned up. I next booted up Norton rescue disc and Kaspersky's as well, but no viruses showed up, although some files in my user folder I think were corrupted according to Kaspersky. Right now I do not know if I have a virus or if Windows Update is getting the location of my hard drive confused after applying the Windows updates. I am using Acronis on the laptop the last time and plan to leave the laptop off till I decide what to do next. I was sure I had a virus this morning, but this is the first time I have used Acronis on this laptop.

 

 

http://archivisiondirectory.blogspot.be/2010/10/64-bit-driver-for-sony-netmd-net-md-and.html

 

 

Moved to MRL @ JSntgRvr request

NickAu


Edited by NickAu, 17 February 2018 - 07:15 PM.
Mod edit



#2 JSntgRvr


Posted 17 February 2018 - 06:59 PM

Hi, and welcome.

 

Are you still unable to boot into Windows?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 kwjamesblond


Posted 17 February 2018 - 07:05 PM

Yes, I used my backup, but I am pretty sure the same issue will occur with Windows updates since it has happened twice to me so far. I was waiting for a response before I turn it on again.

-Thanks



#4 JSntgRvr


Posted 17 February 2018 - 07:10 PM

Very well, I am moving the topic to the Malware Forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 




#5 kwjamesblond


Posted 17 February 2018 - 07:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Admin (administrator) on THEFALCON (17-02-2018 17:27:12)
Running from C:\Users\Admin\Downloads\Virus_Test
Loaded Profiles: Admin (Available Profiles: Kylor W. Jones & Admin & nx)
Platform: Windows 10 Home Version 1703 15063.850 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FACSMon.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.11.2.7\ns.exe
(NoMachine) C:\Program Files (x86)\NoMachine\bin\nxservice64.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NoMachine) C:\Program Files (x86)\NoMachine\bin\nxserver.bin
(NoMachine) C:\Program Files (x86)\NoMachine\bin\nxd.exe
(NoMachine) C:\Program Files (x86)\NoMachine\bin\nxnode.bin
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.11.2.7\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NoMachine) C:\Program Files (x86)\NoMachine\bin\nxclient.bin
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAsenmon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
(Dell) C:\Users\Admin\AppData\Local\Apps\2.0\P1Q4H4ZX.OWQ\R2AKE8HJ.QRO\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_deskctl_agent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-01-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-01-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-01-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95536 2014-10-14] (Sensible Vision )
HKLM-x32\...\Run: [HPHUPD05] => C:\Program Files (x86)\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [49152 2005-07-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPHmon05] => C:\Windows\SysWOW64\hphmon05.exe [491520 2005-07-07] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [118552 2016-09-11] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [508696 2016-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1223680 2017-02-28] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-09-26] (Acronis International GmbH)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2014-10-14] (Sensible Vision )
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\Run: [DellSystemDetect] => C:\Users\Admin\AppData\Local\Apps\2.0\P1Q4H4ZX.OWQ\R2AKE8HJ.QRO\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe [313264 2017-08-05] (Dell)
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\RunOnce: [Uninstall 17.3.7294.0108\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64"
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\RunOnce: [Uninstall 17.3.7294.0108] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7294.0108"
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\Policies\Explorer: [NoLogOff] 0
Lsa: [Authentication Packages] msv1_0 nxlsa
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-02-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{63fb9164-49fe-4390-a472-86fb5b527c01}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{db7db17b-4bff-44a7-892e-055b4ac676f8}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005 -> DefaultScope {911E7DFB-B66D-4636-8C11-DC1A943FFC2E} URL =
SearchScopes: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005 -> {911E7DFB-B66D-4636-8C11-DC1A943FFC2E} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-18] (Oracle Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2014-10-14] (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-18] (Oracle Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2014-10-14] (Sensible Vision )
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: j3ekf5t5.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\j3ekf5t5.default [2018-02-17]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: (FastAccess Web Login) - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2015-03-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-25] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-25] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll [2014-05-23] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3035199990-2301990945-3538829572-1005: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3035199990-2301990945-3538829572-1005: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3035199990-2301990945-3538829572-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3035199990-2301990945-3538829572-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-09-22]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-31]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-31]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-31]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-31]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-31]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-08-31]
CHR Extension: (Google Hangouts) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-08-31]
CHR Extension: (Skype) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1216760 2017-12-22] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-01-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-07-24] (CyberLink)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2013-11-15] (Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-10] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-08] (Dropbox, Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2016-11-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-09-26] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-09-26] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-08-07] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.11.2.7\NS.exe [326144 2017-11-10] (Symantec Corporation)
R2 nxservice; C:\Program Files (x86)\NoMachine\bin\nxservice64.exe [983728 2017-01-31] (NoMachine)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [900840 2017-08-14] ()
R2 prl_mobdisp; C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe [21201408 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-01-02] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-09-26] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3756200 2017-08-07] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20180131.001\BHDrvx64.sys [1880144 2018-01-22] (Symantec Corporation)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [File not signed]
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\160B020.007\ccSetx64.sys [187544 2017-11-10] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-08] (Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-01-08] (Symantec Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 facap; C:\WINDOWS\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-01-13] (Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-01-13] (Acronis International GmbH)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232936 2017-05-19] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20180201.001\IDSvia64.sys [1056920 2018-01-05] (Symantec Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R3 kiox_ff_driver; C:\WINDOWS\System32\drivers\kiox_ff_driver.sys [41456 2015-06-15] (Kionix, Inc.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-03-18] (Microsoft Corporation)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3521032 2017-10-10] (Intel Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nxaudio; C:\WINDOWS\system32\drivers\nxaudio.sys [17920 2014-04-22] (NoMachine)
R2 nxfs; C:\Program Files (x86)\NoMachine\bin\drivers\nxdisk\amd64\nxfs.sys [57008 2014-10-20] (NoMachine)
R2 nxusbf; C:\WINDOWS\System32\drivers\nxusbf.sys [87216 2015-03-02] (NoMachine)
R3 nxusbh; C:\WINDOWS\System32\drivers\nxusbh.sys [68096 2015-03-02] (NoMachine)
R3 nxusbs; C:\WINDOWS\System32\drivers\nxusbs.sys [10240 2015-03-02] (NoMachine)
R3 prl_virtual_sound; C:\WINDOWS\system32\DRIVERS\prl_virtual_sound.sys [46824 2015-03-13] (Parallels Holdings, Ltd. and its affiliates.)
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-14] (The OpenVPN Project)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2016-01-02] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\160B020.007\SRTSP64.SYS [812696 2017-11-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\160B020.007\SRTSPX64.SYS [49304 2017-11-10] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-10] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\160B020.007\SymELAM.sys [24608 2017-11-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102600 2017-11-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\160B020.007\Ironx64.SYS [309984 2017-11-10] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\160B020.007\SYMNETS.SYS [566936 2017-11-10] (Symantec Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-01-13] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-01-13] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-01-13] (Acronis International GmbH)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [196040 2017-09-13] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-09-13] (Oracle Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-01-13] (Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-01-13] (Acronis International GmbH)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [254976 2013-10-13] (Jungo)
R2 XilinxPC4Driver; C:\WINDOWS\System32\drivers\xpc4drvr.sys [27384 2013-10-13] (Xilinx, Inc.)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 17:25 - 2018-02-17 17:27 - 000000000 ____D C:\FRST
2018-02-17 17:24 - 2018-02-17 17:27 - 000000000 ____D C:\Users\Admin\Downloads\Virus_Test
2018-02-17 17:23 - 2018-02-17 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-08 13:10 - 2018-02-08 13:10 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-02-08 13:10 - 2018-02-08 13:10 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-02-08 13:10 - 2018-02-08 13:10 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-02-08 13:10 - 2018-02-08 13:10 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-02-01 14:10 - 2018-02-01 14:10 - 000000233 _____ C:\WINDOWS\SysWOW64\[192.168.0.43]
2018-02-01 14:10 - 2018-02-01 14:10 - 000000231 _____ C:\WINDOWS\SysWOW64\192.168.0.43
2018-02-01 14:10 - 2018-02-01 14:10 - 000000230 _____ C:\WINDOWS\SysWOW64\192.168.0.1
2018-02-01 14:09 - 2018-02-01 14:09 - 000001038 _____ C:\Users\Admin\Desktop\Nmap - Zenmap GUI.lnk
2018-02-01 14:09 - 2018-02-01 14:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2018-02-01 14:06 - 2018-02-01 14:08 - 000000000 ____D C:\Program Files (x86)\Nmap
2018-02-01 14:06 - 2018-02-01 14:07 - 000000000 ____D C:\Program Files\Npcap
2018-02-01 14:06 - 2018-02-01 14:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2018-02-01 14:06 - 2018-02-01 14:06 - 000000000 ____D C:\WINDOWS\system32\Npcap
2018-02-01 11:18 - 2018-02-01 11:18 - 000000764 _____ C:\Users\kwjor_000\Documents\Wireshark_02.pcapng
2018-02-01 11:09 - 2018-02-01 11:09 - 000527516 _____ C:\Users\kwjor_000\Documents\Wireshark_01.pcapng
2018-02-01 09:37 - 2018-02-01 09:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-01-26 09:10 - 2018-02-17 17:21 - 000000021 _____ C:\WINDOWS\S.dirmngr
2018-01-24 13:14 - 2018-01-24 13:14 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-01-24 13:14 - 2018-01-24 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-24 13:14 - 2018-01-24 13:14 - 000000000 ____D C:\Program Files\iTunes
2018-01-24 13:14 - 2018-01-24 13:14 - 000000000 ____D C:\Program Files\iPod
2018-01-24 13:09 - 2018-01-24 13:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-01-24 13:09 - 2018-01-24 13:09 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-01-18 10:37 - 2018-01-18 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Log Parser 2.2
2018-01-18 10:37 - 2018-01-18 10:37 - 000000000 ____D C:\Program Files (x86)\Log Parser 2.2
2018-01-18 10:27 - 2018-01-18 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IISLogger
2018-01-18 10:27 - 2018-01-18 10:27 - 000000000 ____D C:\Program Files (x86)\IISlogger
2018-01-18 10:26 - 2018-01-18 10:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2018-01-18 10:26 - 2018-01-18 10:26 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-01-18 10:26 - 2018-01-18 10:26 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-01-18 10:26 - 2018-01-18 10:26 - 000000000 ____D C:\inetpub
2018-01-18 10:15 - 2018-01-18 10:15 - 004716802 _____ (Adiscon ) C:\Users\Admin\Downloads\iislogger.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 17:27 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-17 17:26 - 2017-10-19 10:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-02-17 17:24 - 2017-07-21 14:14 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3035199990-2301990945-3538829572-1005
2018-02-17 17:24 - 2017-02-10 10:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-17 17:24 - 2016-04-08 09:27 - 000002369 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-17 17:24 - 2016-04-08 09:27 - 000000000 ___RD C:\Users\Admin\OneDrive
2018-02-17 17:24 - 2016-04-08 09:26 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Parallels
2018-02-17 17:22 - 2017-04-09 11:51 - 000000000 ___HD C:\Users\Admin\.nx
2018-02-17 17:22 - 2015-05-15 17:04 - 000000000 ____D C:\ProgramData\Parallels
2018-02-17 17:21 - 2017-09-08 18:30 - 000190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_99E320F5.sys
2018-02-17 17:21 - 2017-09-01 17:30 - 000000000 ____D C:\ProgramData\VMware
2018-02-17 17:21 - 2017-07-21 13:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-17 17:21 - 2017-07-21 13:25 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-17 17:21 - 2017-07-21 13:25 - 000000000 ____D C:\Users\Admin
2018-02-17 17:21 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-17 17:21 - 2016-11-19 16:32 - 000000000 ____D C:\Program Files (x86)\mozilla firefox
2018-02-17 17:21 - 2016-04-08 09:26 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2018-02-17 17:21 - 2015-03-22 16:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-01 21:32 - 2016-11-20 15:24 - 000000000 ____D C:\Users\kwjor_000\AppData\LocalLow\Mozilla
2018-02-01 20:48 - 2017-04-29 16:59 - 000000000 ____D C:\Users\kwjor_000\AppData\Roaming\Anki2
2018-02-01 20:01 - 2017-07-21 13:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-01 15:36 - 2017-07-21 12:14 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-01 14:34 - 2018-01-13 10:15 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-02-01 14:34 - 2017-10-21 18:41 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-02-01 14:07 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2018-02-01 14:06 - 2014-07-07 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-01 10:11 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-01 10:09 - 2015-04-01 20:38 - 000000000 ____D C:\Users\kwjor_000\AppData\Local\CrashDumps
2018-02-01 09:11 - 2017-07-21 13:30 - 000000000 ____D C:\Users\nx\.nx
2018-02-01 09:11 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-01 09:06 - 2017-04-08 16:06 - 000000000 ___HD C:\Users\kwjor_000\.nx
2018-01-31 17:20 - 2017-07-21 13:32 - 002805658 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-30 21:19 - 2015-03-22 19:12 - 000000000 ____D C:\Users\kwjor_000\AppData\Local\Spotify
2018-01-30 21:16 - 2015-03-22 19:11 - 000000000 ____D C:\Users\kwjor_000\AppData\Roaming\Spotify
2018-01-29 16:28 - 2018-01-10 11:33 - 000000000 ____D C:\Users\kwjor_000\PycharmProjects
2018-01-29 11:56 - 2015-07-31 19:22 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-29 09:55 - 2015-03-22 17:36 - 000000000 ____D C:\Users\kwjor_000\AppData\Roaming\vlc
2018-01-28 16:21 - 2015-03-22 15:57 - 000000000 ____D C:\Users\kwjor_000\AppData\Local\Packages
2018-01-28 09:44 - 2017-09-13 13:53 - 000000000 ____D C:\Users\kwjor_000\AppData\Roaming\MusicBee
2018-01-26 21:47 - 2015-05-15 17:04 - 000000000 ____D C:\Users\kwjor_000\AppData\Roaming\Parallels
2018-01-26 21:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-26 21:46 - 2015-03-23 11:48 - 000000000 ____D C:\Users\kwjor_000\AppData\Local\Adobe
2018-01-26 21:45 - 2016-07-25 13:50 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2018-01-26 09:12 - 2017-02-07 21:19 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2018-01-26 09:10 - 2018-01-13 10:30 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job
2018-01-26 00:05 - 2017-03-18 04:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2018-01-25 22:14 - 2017-08-05 17:50 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1CD7E1A4-8F20-4B14-9B0D-EC5E21A53BCC}
2018-01-25 22:04 - 2018-01-13 10:30 - 000003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdmin
2018-01-25 21:59 - 2018-01-11 18:38 - 000000000 ____D C:\Program Files\rempl
2018-01-25 14:36 - 2017-09-12 19:55 - 000000000 ____D C:\Program Files (x86)\MusicBee
2018-01-24 13:09 - 2015-03-22 18:19 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-01-24 09:40 - 2017-07-22 14:12 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3035199990-2301990945-3538829572-1001
2018-01-24 09:40 - 2015-08-01 21:09 - 000002381 _____ C:\Users\kwjor_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-24 09:40 - 2015-03-22 16:00 - 000000000 __RDO C:\Users\kwjor_000\OneDrive
2018-01-21 19:53 - 2017-07-16 10:21 - 000000000 ____D C:\Windows10Upgrade
2018-01-21 19:52 - 2018-01-08 17:41 - 000000733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-01-21 19:52 - 2018-01-08 17:41 - 000000721 _____ C:\Users\Admin\Desktop\Windows 10 Update Assistant.lnk
2018-01-18 14:05 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2018-01-18 10:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-18 10:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-18 10:26 - 2017-03-18 13:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2018-01-18 10:26 - 2017-03-18 13:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2018-01-18 10:26 - 2017-03-18 13:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2018-01-18 10:26 - 2017-03-18 13:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2018-01-18 10:26 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-18 10:25 - 2017-07-21 13:24 - 000389488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-18 10:12 - 2015-03-22 16:56 - 000000000 ____D C:\ProgramData\Oracle
2018-01-18 09:59 - 2015-03-22 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-18 09:59 - 2015-03-22 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-01-18 09:59 - 2015-03-22 16:55 - 000000000 ____D C:\Program Files\Java
2018-01-18 09:58 - 2015-03-22 16:56 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

==================== Files in the root of some directories =======

2015-07-15 10:46 - 2015-07-15 10:07 - 000873984 _____ () C:\Users\cygwin64\setup-x86_64.exe
2017-08-20 16:04 - 2017-08-20 16:04 - 000000000 _____ () C:\Users\kwjor_000\.mongorc.js
2015-05-15 17:10 - 2015-05-15 17:26 - 092042784 _____ (Parallels Software International Inc                         ) C:\Users\kwjor_000\ParallelsAccess-2.5.2-29536-win.exe
2015-07-26 18:04 - 2016-02-25 10:47 - 021405208 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-08 09:26 - 2018-02-17 17:25 - 000157296 _____ () C:\Users\Admin\AppData\Local\parallels-pax.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-25 14:21

==================== End of FRST.txt ============================



#6 kwjamesblond

Posted 17 February 2018 - 07:45 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Admin (17-02-2018 17:28:08)
Running from C:\Users\Admin\Downloads\Virus_Test
Windows 10 Home Version 1703 15063.850 (X64) (2017-07-21 20:37:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3035199990-2301990945-3538829572-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3035199990-2301990945-3538829572-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3035199990-2301990945-3538829572-503 - Limited - Disabled)
Guest (S-1-5-21-3035199990-2301990945-3538829572-501 - Limited - Disabled)
Kylor W. Jones (S-1-5-21-3035199990-2301990945-3538829572-1001 - Limited - Enabled) => C:\Users\kwjor_000
nx (S-1-5-21-3035199990-2301990945-3538829572-1006 - Administrator - Enabled) => C:\Users\nx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}) (Version: 22.5.10640 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}Visible) (Version: 22.5.10640 - Acronis)
Acronis Universal Boot Media Builder (HKLM-x32\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.01054 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{6E1B1FD4-87EF-4335-A8F7-6549B36B28A3}) (Version: 4.4.01054 - Cisco Systems, Inc.) Hidden
Cisco Packet Tracer 6.1.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1.1 Student_is1) (Version:  - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
Corel WinDVD (HKLM-x32\...\{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}) (Version: 11 - Corel Inc.) Hidden
Corel WinDVD Pro 11 (HKLM-x32\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.7516 - CyberLink Corp.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell System Detect (HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19779 - doubleTwist Corporation)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.0.219 - Nuance Communications Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.219 - Nuance Communications Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 12.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EZ Vinyl/Tape Converter 11.7.0 (HKLM-x32\...\EZ Vinyl/Tape Converter_is1) (Version: 11.7.0 - inMusic Brands Inc)
Face Recognition (HKLM\...\{3CEF2DC2-D617-42E4-9DC4-D6A39CCC6843}) (Version: 4.1.219.1 - Sensible Vision)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
Google App Engine (HKLM-x32\...\{AE01093D-007D-11DD-A3C1-001636EEECBD}) (Version: 1.9.61.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.1) (HKLM-x32\...\GPG4Win) (Version: 2.3.1 - The Gpg4win Project)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICA (HKLM-x32\...\{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 1.0 - Corel Inc.) Hidden
IISLogger (HKLM-x32\...\{B1A7AA83-6D30-4234-866E-9B84404741D5}) (Version: 1.1.0.101 - Adiscon)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{1D5C9D08-546D-4A7E-B0F1-F33E94257B09}) (Version: 5.0.10.2832 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000080-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.80.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IPM (HKLM-x32\...\{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}) (Version: 1.00.0000 - Corel Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.17 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.3.2 (HKLM-x32\...\PyCharm Community Edition 2017.3.2) (Version: 173.4127.16 - JetBrains s.r.o.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LibreOffice 5.0.2.2 (HKLM\...\{7A0F2924-C991-40C2-851D-14DAE2E398DF}) (Version: 5.0.2.2 - The Document Foundation)
Log Parser 2.2 (HKLM-x32\...\{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}) (Version: 2.2.10 - Microsoft Corporation)
Master of Orion (HKLM-x32\...\1207661623_is1) (Version: 2.1.0.17 - GOG.com)
Master of Orion 2 (HKLM-x32\...\1207661633_is1) (Version: 2.1.0.17 - GOG.com)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MongoDB 3.2.17 2008R2Plus SSL (64 bit) (HKLM\...\{2DA96B28-05F9-4822-A8C3-3AC7D44056CD}) (Version: 3.2.17 - MongoDB)
Mozilla Firefox 52.5.3 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x64 en-US)) (Version: 52.5.3 - Mozilla)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nmap 7.60 (HKLM-x32\...\Nmap) (Version: 7.60 - )
NoMachine (HKLM-x32\...\NoMachine_is1) (Version: 5.2.11 - NoMachine S.a.r.l.)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.11.2.7 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Npcap 0.93 (HKLM-x32\...\NpcapInst) (Version: 0.93 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Online Plug-in (HKLM-x32\...\{C0F6F192-C145-44AF-8D68-CC6F91DE9F9B}) (Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.1.28 (HKLM\...\{11BAF690-37C7-4A56-B518-3696BD15592F}) (Version: 5.1.28 - Oracle Corporation)
ORM Studio Community (HKLM-x32\...\ORM Studio Community) (Version: 1.66 - Viev Pty Ltd)
ORMLite 0.13b (HKLM-x32\...\ORMLite_is1) (Version:  - )
Parallels Access (HKLM-x32\...\{458B3F55-2F80-4391-BDF5-0EA426FACAD4}) (Version: 2.5.2.29536 - Parallels Software International Inc)
Photosmart 140,240,7200,7600,7700,7900 Series (HKLM-x32\...\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}) (Version: 2.0 - Hewlett-Packard)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.4.0 - OpenVPN Technologies)
PSShortcutsP (HKLM-x32\...\{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}) (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSUsage (HKLM-x32\...\{EFE26D3B-2789-4068-A5BB-77E389FAEB98}) (Version: 1.30.0000 - Hewlett-Packard) Hidden
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
QFolder (HKLM-x32\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Robo 3T 1.1.1 (HKLM-x32\...\Robo 3T 1.1.1) (Version: 1.1.1 - 3T Software Labs Ltd)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Setup (HKLM-x32\...\{2E5C5BC1-9285-45DA-8885-29AFEA541C52}) (Version: 11.0 - Corel Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
SolarWinds Advanced Subnet Calculator (HKLM-x32\...\{01ED1AFB-D352-413B-8415-5DC5F1D23983}) (Version: 9.1 - SolarWinds) Hidden
SolarWinds Advanced Subnet Calculator (HKLM-x32\...\InstallShield_{01ED1AFB-D352-413B-8415-5DC5F1D23983}) (Version: 9.1 - SolarWinds)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0046 - ST Microelectronics)
STAR WARS® - Galactic Battlegrounds Saga (HKLM-x32\...\1421404646_is1) (Version: 2.0.0.2 - GOG.com)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
ThinLinc Client 4.7.0 (HKLM-x32\...\tlclient) (Version:  - )
TouchCopy 12 (x64) (HKLM\...\{79B3D2A5-74C1-4216-979F-D14C9BCDF463}) (Version: 12.79 - Wide Angle Software)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{E5DF3245-80CF-48E8-AE2F-22D4D2DDD805}) (Version: 12.5.7 - VMware, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [     AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [     AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [     AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [     AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20170908_19_58_50.dll [2016-09-12] (Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-04-05] (g10 Code GmbH)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20170908_19_58_50.dll [2016-09-12] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-06-19] (VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-04-05] (g10 Code GmbH)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-07] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033DA59A-6CEC-4E16-935E-FE31A0134293} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3035199990-2301990945-3538829572-1001UA => C:\Users\kwjor_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-03] (Google Inc.)
Task: {099BD8CC-E901-476A-8145-2909169D16C5} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {0B454500-D895-48F3-A346-337AB951E21B} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {0BF17B6F-0E3F-4ABA-9D4A-37D4311AD434} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {1253AC2C-AB0A-4F1C-9766-9F6E0044C6E2} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {2243366F-B72E-4BD9-953C-8478FBD38D07} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {2BA818AC-E800-49AB-B19B-05CBDFFD639D} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {2CCFE77C-0863-4D24-80E1-BA62745E132A} - \Dell\Dell Product Registration Update -> No File <==== ATTENTION
Task: {310E7176-6D18-48F5-AC35-BD68D254FEC9} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {32535DDC-FDB5-495B-B18A-10C9C837311C} - \Optimize Start Menu Cache Files-S-1-5-21-3035199990-2301990945-3538829572-1001 -> No File <==== ATTENTION
Task: {34428C36-05EE-491F-B1B4-60331675CF32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3604299C-7807-4B7F-8607-1FFDC1E2B1B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44430731-48AE-4D07-8821-30AFFA4177A1} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {4455352F-8963-4323-8CF4-839B8AD48131} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {464741FA-4DA4-485C-8B96-464AEE2DAE9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
Task: {4669CF3C-1D4E-42E0-B7A5-DD13174AFD0F} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {4FB702C3-1D07-4278-A92F-CB42C44BEDD5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5172F7E7-47A7-4B3C-B516-43ABF445316F} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff -> No File <==== ATTENTION
Task: {5272E6F8-CB66-4092-B3E5-4B62F2C5C63A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
Task: {591A7DD5-7D1B-47B7-86E9-645CC15EB325} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5BFCC90E-C804-4C3B-904D-EEEB2EBB2891} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {5CCBE4C1-7B9A-4048-B000-F6B537D85E1D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5EE7A123-384C-4E79-B0A0-1C1FE518C5A3} - \Dell\Dell Product Registration -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {6392CDC5-6E33-4B67-9C3F-12692AB83A9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6D9DBC67-AA30-4936-899A-3C697DC098C8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {6FEED656-9EC2-46D5-A76C-793DAC1F3808} - \{51090019-65AA-4852-B0AE-E985876A73A8} -> No File <==== ATTENTION
Task: {73280D06-0BE7-4E77-90D7-5AA3F874E53C} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {74DDF1C2-22BC-4A25-8A8A-62581B8BE471} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7B3C0768-EA1C-434D-AC5E-753CF6E56F70} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {89665BBF-7249-46C8-A182-E0C58DA8A057} - \HPCustParticipation HP Photosmart 6520 series -> No File <==== ATTENTION
Task: {8E48256B-9C34-4524-B243-63C1B3ED4994} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {91E5669F-077A-4B5C-A711-325669734F9D} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {924CFC10-6E36-4578-9D50-922AEBF2620F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {9849F00F-87AF-40DC-A85D-803AAF3F6A43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9D5D42AA-B5B2-4540-9753-678703CDC5D3} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {9EE2493A-414A-4F2B-880C-693118F03862} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {9EEDC55D-902B-4654-B390-7D33E1060967} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-11-10] (Symantec Corporation)
Task: {A5DBA07D-0F35-44B1-91B7-9937DC399CAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8B55D2A-AE92-4500-BB89-9B22A0ECC3D2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {ACC6D68C-E906-40B1-B933-CD7BF8855B87} - \PocketCloud -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 -> No File <==== ATTENTION
Task: {B3895530-5B9F-4796-BECE-997905679303} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B3D20710-3818-469F-81CC-CAD6E18AA905} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.11.2.7\WSCStub.exe [2017-11-10] (Symantec Corporation)
Task: {C092C4CF-76AD-4F58-9EB0-15E8D45BB370} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C10912B3-E608-4FC0-99FC-2D4931AEE23E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {C27C29D8-FB84-43F8-B3F7-F910E4CFD6B2} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {C4178546-FEF3-4126-9ECC-AB1F93DA2CE1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3035199990-2301990945-3538829572-1001Core => C:\Users\kwjor_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-03] (Google Inc.)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C70A93C1-B072-4564-95C6-77E3CFBD40C3} - \goloader1 -> No File <==== ATTENTION
Task: {C7C5E626-CA25-48C7-96C8-7508A65B7EFC} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CCB131F9-24FF-4F65-86B7-E280EE8052BD} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {CCD1E070-334D-445B-849A-26787B6A4A1A} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-07-22] (CyberLink Corp.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork -> No File <==== ATTENTION
Task: {D4CAEF0E-C2E7-4C96-A632-926C8D05BAB4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D6BDC126-16EE-46A0-81A4-568014A389DA} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {D94F51A0-33F0-48C3-A6EC-970E45F82A3C} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.11.2.7\SymErr.exe [2017-11-10] (Symantec Corporation)
Task: {DA43B2A1-F9B5-43C0-A41E-AAD3F1E53968} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E2753E60-FAE2-4BCF-9A61-E3700E460AE0} - System32\Tasks\Norton Remove and Reinstall\Norton Remove and Reinstall => C:\Users\kwjor_000\Downloads\New Downloads\Newer Downloads\Newest Downloads\NRnR.exe [2017-10-19] (Symantec Corporation)
Task: {E4AC9EDE-1E24-4700-9745-F7C86D7E717E} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E77830C8-0EE5-46CB-8D31-4AEC48F30EB3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E8765030-2AFB-4326-844F-E6269A5F4B42} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3035199990-2301990945-3538829572-1005Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {EAAE8F28-9C06-4636-ABDE-09E6149E0F20} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {ECC01EB6-F4A9-44F4-9C4E-EA9518E17D71} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {ECC10AB0-1D30-47DB-B344-044DF03FD27F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3035199990-2301990945-3538829572-1005UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-27] (Google Inc.)
Task: {FBAAD703-D9F1-4174-BD36-D02F6640A440} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {FC14714A-8DF4-434E-B0B0-56F5C631CDC0} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {FE5E68E2-E7E7-4B53-A61E-BB908C829DEF} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {FEDBF307-F2D2-43B2-AD53-FDFA5A3336C6} - \Microsoft\Windows\PLA\System\{D6F8AFB4-8E73-48E6-B996-1A147FD31A28}_System Diagnostics -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-08 16:03 - 2014-08-13 12:05 - 002203648 _____ () C:\WINDOWS\system32\nxlsa.DLL
2017-04-08 16:02 - 2017-01-31 15:09 - 000850608 _____ () C:\Program Files (x86)\NoMachine\bin\libnxlp64.dll
2017-12-22 01:00 - 2017-12-22 01:00 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-13 15:34 - 2018-01-13 15:34 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-04-05 04:25 - 2016-04-05 04:25 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-04-08 16:02 - 2017-01-31 15:09 - 000074928 _____ () C:\Program Files (x86)\NoMachine\bin\libnxfs64.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000881840 _____ () C:\Program Files (x86)\NoMachine\bin\libnxusb64.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001382064 _____ () C:\Program Files (x86)\NoMachine\bin\libnxservice64.dll
2017-08-14 14:43 - 2017-08-14 14:43 - 000900840 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2015-03-13 17:46 - 2015-03-13 17:46 - 000263680 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\AbstractTask.dll
2017-09-06 16:48 - 2017-09-06 16:48 - 000037248 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2016-11-07 16:47 - 2016-11-07 16:47 - 000401920 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-09-26 13:41 - 2017-09-26 13:41 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2017-12-31 18:07 - 2017-12-31 18:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-14 11:32 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
2017-09-26 13:41 - 2017-09-26 13:41 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2014-10-14 12:17 - 2014-10-14 12:17 - 000094000 _____ () C:\WINDOWS\SYSTEM32\FAIEExtension.DLL
2013-04-04 14:42 - 2013-04-04 14:42 - 000012424 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\MFCaptureD3D_2_DLL.dll
2017-02-28 13:24 - 2017-02-28 13:24 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2016-04-05 04:12 - 2016-04-05 04:12 - 000221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-04-05 04:01 - 2016-04-05 04:01 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-04-05 04:12 - 2016-04-05 04:12 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-04-05 04:15 - 2016-04-05 04:15 - 000750592 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-04-05 04:06 - 2016-04-05 04:06 - 000087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2017-12-22 01:44 - 2017-12-22 01:44 - 003485808 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-12-22 01:43 - 2017-12-22 01:43 - 001331696 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2017-12-22 01:43 - 2017-12-22 01:43 - 022715144 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-12-22 00:48 - 2017-12-22 00:48 - 000412704 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2017-12-22 00:34 - 2017-12-22 00:34 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-07-04 20:01 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-31 19:22 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-31 19:22 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-04 20:01 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-04 20:01 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000176816 _____ () C:\Program Files (x86)\NoMachine\bin\libnxhs.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000379568 _____ () C:\Program Files (x86)\NoMachine\bin\libnxh.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000129200 _____ () C:\Program Files (x86)\NoMachine\lib\perl\POSIX.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001100464 _____ () C:\Program Files (x86)\NoMachine\bin\perl58.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001131184 _____ () C:\Program Files (x86)\NoMachine\bin\libnx.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001104560 _____ () C:\Program Files (x86)\NoMachine\bin\libnxc.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000361136 _____ () C:\Program Files (x86)\NoMachine\bin\libnxn.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000153776 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcl.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000302256 _____ () C:\Program Files (x86)\NoMachine\bin\libnxd.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000370352 _____ () C:\Program Files (x86)\NoMachine\bin\libnxne.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000110280 _____ () C:\Program Files (x86)\NoMachine\bin\libgcc_s_sjlj-1.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000911048 _____ () C:\Program Files (x86)\NoMachine\bin\libstdc++-6.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000081584 _____ () C:\Program Files (x86)\NoMachine\bin\libnxlo.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000183984 _____ () C:\Program Files (x86)\NoMachine\bin\libnxup.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000076976 _____ () C:\Program Files (x86)\NoMachine\bin\libminizip.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000122544 _____ () C:\Program Files (x86)\NoMachine\bin\libz.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000282800 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcsl.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000548528 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdixl.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000277680 _____ () C:\Program Files (x86)\NoMachine\bin\libssh.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000396976 _____ () C:\Program Files (x86)\NoMachine\bin\libssl.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001902256 _____ () C:\Program Files (x86)\NoMachine\bin\libcrypto.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000211120 _____ () C:\Program Files (x86)\NoMachine\bin\libnxs.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000057008 _____ () C:\Program Files (x86)\NoMachine\bin\libmdnsd.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 003719856 _____ () C:\Program Files (x86)\NoMachine\bin\libpixman.dll
2017-04-08 16:02 - 2017-01-31 14:34 - 000174706 _____ () C:\Program Files (x86)\NoMachine\lib\perl\libperl\auto\List\Util\Util.dll
2017-04-08 16:02 - 2017-01-31 14:34 - 000145040 _____ () C:\Program Files (x86)\NoMachine\lib\perl\libperl\auto\Fcntl\Fcntl.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000066736 _____ () C:\Program Files (x86)\NoMachine\lib\perl\Win32.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000121008 _____ () C:\Program Files (x86)\NoMachine\bin\libnxhc.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000306352 _____ () C:\Program Files (x86)\NoMachine\bin\libjsoncpp.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000407728 _____ () C:\Program Files (x86)\NoMachine\bin\libvmiso.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000048304 _____ () C:\Program Files (x86)\NoMachine\lib\perl\Process.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000040112 _____ () C:\Program Files (x86)\NoMachine\bin\libnxhn.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000364720 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdimi.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000219824 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcex.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000427184 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdiex.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000691376 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcim.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000192688 _____ () C:\Program Files (x86)\NoMachine\bin\libpng.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000479408 _____ () C:\Program Files (x86)\NoMachine\bin\libjpeg.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000141488 _____ () C:\Program Files (x86)\NoMachine\bin\libmfx.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000828592 _____ () C:\Program Files (x86)\NoMachine\bin\libvp8.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000256688 _____ () C:\Program Files (x86)\NoMachine\bin\libyuv.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000221360 _____ () C:\Program Files (x86)\NoMachine\bin\libwebm.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001073840 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdiag.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000132272 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdi.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000348336 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcau.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000054960 _____ () C:\Program Files (x86)\NoMachine\bin\libnxau.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000114864 _____ () C:\Program Files (x86)\NoMachine\bin\libnxm.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000044208 _____ () C:\Program Files (x86)\NoMachine\bin\libogg.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000320176 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdift.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000116912 _____ () C:\Program Files (x86)\NoMachine\bin\libspeex.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000085680 _____ () C:\Program Files (x86)\NoMachine\bin\libspeexdsp.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000337072 _____ () C:\Program Files (x86)\NoMachine\bin\libopus.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000182448 _____ () C:\Program Files (x86)\NoMachine\bin\libvorbis.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000054960 _____ () C:\Program Files (x86)\NoMachine\bin\libvorbisfile.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000297648 _____ () C:\Program Files (x86)\NoMachine\bin\libfontconfig.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001557680 _____ () C:\Program Files (x86)\NoMachine\bin\libvorbisenc.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000044208 _____ () C:\Program Files (x86)\NoMachine\bin\libfontenc.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000189616 _____ () C:\Program Files (x86)\NoMachine\bin\libexpat.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 001743536 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdifb.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000542896 _____ () C:\Program Files (x86)\NoMachine\bin\libfreetype.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 004981936 _____ () C:\Program Files (x86)\NoMachine\bin\libnxnws.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000642736 _____ () C:\Program Files (x86)\NoMachine\bin\libnxcde.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 000339632 _____ () C:\Program Files (x86)\NoMachine\bin\libnxdiwi.dll
2017-04-08 16:02 - 2017-01-31 15:09 - 007528112 _____ () C:\Program Files (x86)\NoMachine\bin\libqt.dll
2017-09-08 18:28 - 2015-07-06 03:01 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2015-07-06 18:01 - 2015-07-06 18:01 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-01-14 11:32 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\traynet.dll
2018-01-14 11:32 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\libcurl.dll
2018-01-14 11:32 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\zlib1.dll
2018-01-14 11:32 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\uexper.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2015-10-16 06:14 - 2015-10-16 06:14 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-09-26 13:31 - 2017-09-26 13:31 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2018-02-17 17:23 - 2018-02-08 13:10 - 000740168 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-17 17:23 - 2018-02-08 13:10 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-02-10 10:24 - 2018-02-08 13:10 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-02-10 10:24 - 2018-02-08 13:12 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-02-10 10:24 - 2018-02-08 13:10 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-10 10:24 - 2018-02-08 13:12 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 12:27 - 2018-02-08 13:10 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 14:28 - 2018-02-08 13:13 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 14:26 - 2018-02-08 13:12 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 001796416 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 001956672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 003859272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000521032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 14:41 - 2018-02-08 13:13 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-10 10:24 - 2018-02-08 13:12 - 000100704 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-10 10:24 - 2018-02-08 13:10 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-10 10:24 - 2018-02-08 13:13 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-02-17 17:23 - 2018-02-08 13:12 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-02-17 17:23 - 2018-02-08 13:10 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 15:03 - 2018-02-08 13:13 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-10 10:24 - 2018-02-08 13:12 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-17 17:23 - 2018-02-08 13:12 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-02-17 17:23 - 2018-02-08 13:12 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-10 10:24 - 2018-02-08 13:13 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [274]
AlternateDataStreams: C:\Users\kwjor_000\Amazon Drive:com.amazon.drive.sync [86]
AlternateDataStreams: C:\Users\kwjor_000\Amazon Drive:com.amazon.drive.sync.root [42]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\localhost -> hxxps://localhost
IE trusted site: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\...\TheFalcon -> hxxps://TheFalcon

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2018-01-14 16:55 - 000450771 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 15465 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3035199990-2301990945-3538829572-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ISCT Tray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "FATrayAlert"
HKLM\...\StartupApproved\Run32: => "HPHmon05"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "HPHUPD05"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{378B0A6E-B2DC-4A1E-96AC-1A558D2700B3}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{8484B1DA-7E50-4A7A-A2A2-E04D30C307EE}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{5F30C7B2-626B-4715-8C73-B17EC8D53AFD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{116CA684-5443-4FD8-809C-DEE5BAB813D8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{3CEF51EE-3098-4776-8BCF-0107494A7F36}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CDD90F1-1B67-49DA-8C49-D683C6BFF204}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FFCDEF9A-51C8-4456-81D9-E9AC4983B9DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8876AE9A-9E0B-44AE-A26A-70FE38019673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C708A977-0DF6-4A60-841B-A6D7EBF375A4}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxclient.bin
FirewallRules: [{CDCBF75F-F9BB-464A-8267-C227321AE51C}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxclient.bin
FirewallRules: [{3F86F342-7401-4FDD-A110-9035E98E34A1}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxnode.bin
FirewallRules: [{F9200E89-E37D-4907-A9DF-216323431F1B}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxnode.bin
FirewallRules: [{73E35F82-37CD-4D6E-85B3-17760E09B5F3}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxserver.bin
FirewallRules: [{142EB7E6-48D4-4F34-8BDF-2AE54DCBB734}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxserver.bin
FirewallRules: [{AFB120C4-CC33-41FD-9B1E-D1E4E032F102}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxd.exe
FirewallRules: [{AC5D1DAB-7BD6-4036-884A-13AA6A2B0994}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxd.exe
FirewallRules: [{FB5517BA-232C-4F0E-94B1-9CDB0E3886D6}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxplayer.bin
FirewallRules: [{17CEDEE1-94E8-4761-AC1B-FD6F31038400}] => (Allow) C:\Program Files (x86)\NoMachine\bin\nxplayer.bin
FirewallRules: [{8B193A52-4F23-410E-9959-F4E458408690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{444A0488-7BA0-445F-B4EB-3FF28F67F1AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{9BDBAC45-AE07-41E8-98C9-F68ABF2FBCA7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7401901C-EE7E-4CCE-842C-5DBFDBE9CB34}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{663F42A9-01D6-45A1-A06D-AB6830F9E345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{47F3617A-4D48-44FF-9812-1F13FE1DC2F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{1FDEADF3-79BA-4067-B0A3-4D3C40F613DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{632A0501-1469-4E11-B44A-2FC6EF9CE6A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76D060CB-4054-4BB7-9C45-8BC1842F510A}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FBB4867E-B792-4568-9DF3-792B86456EAA}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4577D93A-1BD2-47AD-A1DA-51B3ECFF64A7}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{47CF43EA-B56E-4DB5-81E7-F6D4DF6FFF64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53540C12-6D36-4E6F-861B-0343068691B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7101BD0F-866F-490A-8E7D-74BD92021D16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB1E929D-59DB-42BD-A0CB-8BE2178154C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD1089AE-D815-4860-86B9-3FEEC37F0327}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{B9912862-2E2E-4ACD-AAA9-AF85DB616413}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{CE88C2E3-68B9-4B2D-835C-78BC52171D82}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{EAF57352-1A49-421D-B7E4-BC0AEACE4376}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{10DD1736-AFC5-49F9-948D-B5A19C63800E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6E8AF929-EC80-41E9-9A1A-A4AEF6E9DFCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0FE52D-51C6-4C51-830B-21B912A2768A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A766F7E2-6A5D-48C0-A000-839F61A70F7A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F6ED2357-62E8-4007-A113-F3D7484BF325}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BA08D4AE-4FBB-49CD-9CA7-94C4A8AC99B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9994317-1AA8-40D5-A4B2-C847C1C7C197}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4C29E3E-EAEF-42A0-801F-D578E548B3D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2FFAAAA9-AF2B-4CBA-9AB6-8EB4ABF244A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B70F432D-1194-46CF-A82A-76C72BEABE6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6BE727BB-97AA-4487-9352-386B3AA7E275}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{512177CD-2BE7-4E42-9C40-4C05A1CFE215}C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C2134025-831E-4262-9D3A-8F29B9446B59}C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0BFDF382-DBBD-48C3-84BB-EFBF1A0E30E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C68543B0-8FC3-4342-8E1C-520855531549}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5850BD2C-E3F3-455E-8023-23A17B74083D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{64D28CA9-FF15-4092-BCBA-E7D4678959A9}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9E47740B-958F-49F9-8DE5-6E3300839CB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{1CC7BD7F-D820-4E0B-9711-5FBDB7A3AB62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{C2A41585-C22D-462D-9145-517252DA3CAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{C7D7CFA8-3658-496C-8D5D-5D96AD6D2ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{EEE2C0D8-B243-47FB-8B30-B5B97CC15682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{AA8120C4-2941-4752-864E-C4D2A4E1C372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{FC4D26FF-9C22-403B-BEA6-EBF9F69DEDCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7B53BADC-493A-4993-A384-52311FB485EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E2E6ECD5-B2B7-430D-B316-B63101709A2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{F033303B-7023-4178-A5C7-B136AC0DA491}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{3AFDA2DF-C382-4519-B566-E9185A07287C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{87ACAAC4-BB59-4AA4-B55B-4E86960B682D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{4794246E-1156-4E52-9F4D-69E74B0DE304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL-2 Sturmovik Cliffs of Dover\Launcher.exe
FirewallRules: [{8CED103D-71DA-4514-AF56-8D073B656E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL-2 Sturmovik Cliffs of Dover\Launcher.exe
FirewallRules: [TCP Query User{002AAEEB-1E48-4F27-8A6E-E09ED4129742}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{75A92F37-A9BD-4F9C-9431-17F876878059}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{196F9BBF-E751-4D6B-95CB-980DFBCED468}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{0F8B8D2A-261C-49EF-B36E-21FE895AE8DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{E9CBA5DB-1443-4490-870D-38B654BBEBB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{58792064-B997-4D40-AFCA-48DB98B6E0B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{FFF8A5ED-6DD2-474D-A53A-DA68DBF16375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{3862EA31-5AB6-4906-8A85-C84BDE4924F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{CE1E652C-E1CD-44B2-9587-03D03AB0E5DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{21A6FD61-0F65-4A0A-94CE-FCBAA5649DE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{5FAEDE7B-A313-4C77-A884-FA353F96D654}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe
FirewallRules: [{0A255D2B-DA57-4985-8E93-E03C9D6AD656}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe
FirewallRules: [{C1330DEE-EA6E-49B2-A208-12BA945FB644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{E911BE67-5AEE-4123-B196-24ACBF26E10D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{89E1A627-14CA-41E3-B44B-85A23C1E1B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{D23CC447-D786-49BA-8707-5D72E83AC187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{375287A1-CC43-4A8D-8DD3-6DCBD1B80DD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{683B0F71-0209-47A6-A934-667389FA9603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{3A14769D-C1AD-48AF-B3DD-7AA3C7835B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{5B274664-0C01-467D-925D-9EF870A84A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{B04026FE-7FB8-4ECE-B25D-C4CD5468E484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{C1B25E98-3FBA-4F3D-AA5E-DC1BC7DE08EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{D2C57AAA-3A15-4340-87F5-4F55B6535535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{ECBEC715-2F39-48D6-A58C-3F51B7E34A29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{5C4E31FE-520A-49E3-BEE0-D0CD7478D7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{FF888BB2-65CB-4C76-BD71-8E9547B31AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{61E7F600-8334-4485-833D-EAF564309551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{06702B37-6A98-444E-A291-95098996D6EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{26970BCA-AAEF-4158-BDEE-F39DB47D1573}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{B5D27BD6-DA7A-43E0-817E-4D9BA01A32AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{630F3450-C481-4B8C-8E41-2264E71D1D32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{BAFA1A4C-7B41-40F2-8D86-292448288E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{A5AEF04B-D0DA-4EDA-B97C-7987C1DBB40F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{436D67E9-ED83-4215-9B0D-0E1BE7B75EEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{89915470-1555-490C-A931-4ABA69ECF2A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Knight Mysteries of the Sith\JKM.EXE
FirewallRules: [{868FF3D5-028F-41CE-8F19-F794971C6157}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Knight Mysteries of the Sith\JKM.EXE
FirewallRules: [{D981641C-0E43-42BD-A57E-0FB04F900F07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Clone Wars\RepublicHeroesLauncher.exe
FirewallRules: [{5032392D-4C19-476C-B903-4296315502D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars The Clone Wars\RepublicHeroesLauncher.exe
FirewallRules: [TCP Query User{BA0FB710-3724-4CF6-90F1-A5664EFE98BB}C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{93D378E4-5C72-4F26-BCFB-4FDFDD73EF1D}C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kwjor_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F1B36AB0-C128-4455-8B9E-297A17016394}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{8D075E80-0EB6-490C-9704-D089B865E113}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{2F6DB8D7-D787-4E55-A616-7F1D20300E05}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{1F34DFC6-F661-4BD9-9C44-2D136070A96D}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{FE7905AA-F4BA-4B8D-8277-DA43553D0889}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{07D177BC-EBEB-4EE9-B223-78C8F30D4155}] => (Allow) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
FirewallRules: [{B24CE452-56F1-4B68-9190-41AEE5D16AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{AECAA19F-30F0-4993-9529-3EC50B8A98A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{187E16FC-A4F9-4E30-888D-858EE888122B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{2456BD8D-496A-41D0-B876-73FCB0FDC5BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{81D98AAB-B1BE-4FD4-8C30-2840912AA9A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{D8423D32-910D-4D30-99A7-604AAD69C497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{9EA88F6A-B0CB-4540-ABE0-C36B434C2EDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{7B5588E8-72B8-4FFA-9EF9-80C8B2D9F9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{808E5182-953D-426D-A339-E8DC0FD85B92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{3969BD03-7BC7-4A57-95E8-3556438D85BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{965199C5-B23B-46B6-965E-C3453AE7BBA2}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{1A2C8DE8-02A2-4A30-95AB-DC06F4FA0212}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{2CACFBBD-E182-4E47-942A-047402FC2035}] => (Allow) C:\Program Files (x86)\Corel\WinDVD11\\WinDVD.exe
FirewallRules: [{8E364BDB-A567-49DF-8806-BBDFEC1DEBCD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{50061EAE-B87A-431C-AEB7-E568D6BC2F4F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C912E17D-698A-4B85-8478-9EC8C7EE78B5}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{3E8527FE-F9D3-4D07-A039-402433149A59}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{082139E5-A9C6-46F0-BD62-734C43F9673F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Jedi Knight\JediKnight.EXE
FirewallRules: [{8BC9DF76-7A48-4DC9-AFE1-89A5A233D5FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Jedi Knight\JediKnight.EXE
FirewallRules: [{28B3F5B0-C8D6-4075-8261-21F864DA6C48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Knight Mysteries of the Sith\JediKnightM.EXE
FirewallRules: [{FCC4DD92-6634-4138-8B4B-187F9EC225D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Knight Mysteries of the Sith\JediKnightM.EXE
FirewallRules: [{56C58C41-6355-44F3-AC48-B0CBC40D244E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{2E912A99-126F-47CB-8CED-41708B8C07AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{1E46513F-256E-478B-B4D8-0EFAD266D509}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{616D16A6-8D64-4BC7-989A-797E6BBA0ED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{5973C52D-84F9-48B4-B2A6-76FD00DD08DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{0C236132-7082-4255-895E-75F51DEC6D67}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{39395A51-58FC-4AF8-B399-9CEEE740C266}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{537180CF-5D4F-4435-80E9-F035B47A2DD4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22676ED3-7E20-48C7-A167-61C3A59F8149}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{94F6F5C3-AABE-4CE1-A780-87F50F0CD966}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{B1E5C062-15C1-401F-A44E-7556A93BABF3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{81D6BE5F-ED71-4A58-99A0-C88230221461}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{EA12E4A7-6E2C-4D87-A1A7-D425E60D4EA7}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{8BDF779D-55D6-4217-BFB4-99A73B0B931D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{2E469677-1E67-4E02-9B03-5D4623C2D0F9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{003ED0E6-89FC-4CD7-B615-50508FF924E8}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{E84A3C5A-7C80-4B90-9F6D-73917A3102E0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{51B57966-2EEF-4C5D-9462-8F023D9218F4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{E3ADF362-9438-47EA-B2B1-7E0C1CDBA0B7}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{B5345551-AD4F-49C3-AD53-8CAE941D48EC}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
FirewallRules: [{F1C438F2-3410-4170-BB0B-BBDBC3D733F5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{DF5C31EA-A936-4FEB-A025-9AC89D15AB9A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9C255E57-9642-4799-9124-A46D5B34353C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: facap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2018 05:28:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).

Error: (02/17/2018 05:24:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (02/17/2018 05:23:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (02/17/2018 05:22:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (02/17/2018 05:22:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[8615879d-6bed-4fb3-902e-83faf3867118]\Users\">.

Error: (02/17/2018 05:22:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[8615879d-6bed-4fb3-902e-83faf3867118]\ProgramData\Microsoft\Windows\Start Menu\">.

Error: (02/17/2018 05:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (02/17/2018 05:22:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


System errors:
=============
Error: (02/17/2018 05:22:32 PM) (Source: DCOM) (EventID: 10005) (User: TheFalcon)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/17/2018 05:22:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/17/2018 05:22:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (02/17/2018 05:22:32 PM) (Source: DCOM) (EventID: 10005) (User: TheFalcon)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/17/2018 05:22:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/17/2018 05:22:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (02/17/2018 05:22:30 PM) (Source: DCOM) (EventID: 10005) (User: TheFalcon)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/17/2018 05:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2017-10-19 09:59:18.662
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6217EEB2-375E-41A0-8C26-459AB2239320}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-02-17 17:27:32.127
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:27:32.123
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:27:32.095
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:27:32.090
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:21:31.189
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:21:31.186
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:21:30.140
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-26 10:39:12.521
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 16282.51 MB
Available physical RAM: 12464.2 MB
Total Virtual: 18714.51 MB
Available Virtual: 14943.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.85 GB) (Free:382.85 GB) NTFS

\\?\Volume{1423c304-e314-4817-8c7f-efa9002822da}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS
\\?\Volume{1295cb1c-925b-4bce-85bf-19cd3e90080d}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{95dbf082-19b6-4fd8-93c3-8ca08e3656d0}\ (PBR Image) (Fixed) (Total:7.35 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3B212E82)

Partition: GPT.

==================== End of Addition.txt ============================



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 17 February 2018 - 08:16 PM

I don't believe you have a malware issue.

 

Remove Spybot - Search & Destroy as it will interfere with all fixes.

 

These are orphan entries:

 

 

  • Highlight the entire content of the quote box below.

Start::  
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Task: {099BD8CC-E901-476A-8145-2909169D16C5} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {0B454500-D895-48F3-A346-337AB951E21B} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {0BF17B6F-0E3F-4ABA-9D4A-37D4311AD434} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {1253AC2C-AB0A-4F1C-9766-9F6E0044C6E2} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {2243366F-B72E-4BD9-953C-8478FBD38D07} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {2BA818AC-E800-49AB-B19B-05CBDFFD639D} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {2CCFE77C-0863-4D24-80E1-BA62745E132A} - \Dell\Dell Product Registration Update -> No File <==== ATTENTION
Task: {310E7176-6D18-48F5-AC35-BD68D254FEC9} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {32535DDC-FDB5-495B-B18A-10C9C837311C} - \Optimize Start Menu Cache Files-S-1-5-21-3035199990-2301990945-3538829572-1001 -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3604299C-7807-4B7F-8607-1FFDC1E2B1B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4455352F-8963-4323-8CF4-839B8AD48131} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4669CF3C-1D4E-42E0-B7A5-DD13174AFD0F} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {4FB702C3-1D07-4278-A92F-CB42C44BEDD5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5172F7E7-47A7-4B3C-B516-43ABF445316F} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5BFCC90E-C804-4C3B-904D-EEEB2EBB2891} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {5CCBE4C1-7B9A-4048-B000-F6B537D85E1D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5EE7A123-384C-4E79-B0A0-1C1FE518C5A3} - \Dell\Dell Product Registration -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {6392CDC5-6E33-4B67-9C3F-12692AB83A9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {6FEED656-9EC2-46D5-A76C-793DAC1F3808} - \{51090019-65AA-4852-B0AE-E985876A73A8} -> No File <==== ATTENTION
Task: {73280D06-0BE7-4E77-90D7-5AA3F874E53C} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {74DDF1C2-22BC-4A25-8A8A-62581B8BE471} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7B3C0768-EA1C-434D-AC5E-753CF6E56F70} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {89665BBF-7249-46C8-A182-E0C58DA8A057} - \HPCustParticipation HP Photosmart 6520 series -> No File <==== ATTENTION
Task: {8E48256B-9C34-4524-B243-63C1B3ED4994} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {91E5669F-077A-4B5C-A711-325669734F9D} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {9849F00F-87AF-40DC-A85D-803AAF3F6A43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9D5D42AA-B5B2-4540-9753-678703CDC5D3} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {A5DBA07D-0F35-44B1-91B7-9937DC399CAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8B55D2A-AE92-4500-BB89-9B22A0ECC3D2} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {ACC6D68C-E906-40B1-B933-CD7BF8855B87} - \PocketCloud -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 -> No File <==== ATTENTION
Task: {C27C29D8-FB84-43F8-B3F7-F910E4CFD6B2} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C70A93C1-B072-4564-95C6-77E3CFBD40C3} - \goloader1 -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CCB131F9-24FF-4F65-86B7-E280EE8052BD} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork -> No File <==== ATTENTION
Task: {D4CAEF0E-C2E7-4C96-A632-926C8D05BAB4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D6BDC126-16EE-46A0-81A4-568014A389DA} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {DA43B2A1-F9B5-43C0-A41E-AAD3F1E53968} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E4AC9EDE-1E24-4700-9745-F7C86D7E717E} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E77830C8-0EE5-46CB-8D31-4AEC48F30EB3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {EAAE8F28-9C06-4636-ABDE-09E6149E0F20} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {ECC01EB6-F4A9-44F4-9C4E-EA9518E17D71} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {FC14714A-8DF4-434E-B0B0-56F5C631CDC0} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {FE5E68E2-E7E7-4B53-A61E-BB908C829DEF} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {FEDBF307-F2D2-43B2-AD53-FDFA5A3336C6} - \Microsoft\Windows\PLA\System\{D6F8AFB4-8E73-48E6-B996-1A147FD31A28}_System Diagnostics -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3035199990-2301990945-3538829572-1005_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EMPTYTEMP:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

 

If you restart and are unable to boot into Windows, enter the BIOS and set the defaults, save and exit. Then allow the computer to start.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 kwjamesblond

kwjamesblond
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 17 February 2018 - 08:38 PM

OK, I attempted to do the above step, but when it rebooted it tried to install Windows Update, failed, then said Windows updates were being unapplied, and now I am locked out of it again.  I reloaded the defaults but still no luck. Could this be an issue with my Acronis backup software not operating correctly?  Just wanted to add I started the tool before I copied and pasted everything in; was not sure if this is an issue?  Should I reload the backup and try again tomorrow or is this a different issue?

-Thanks again


Edited by kwjamesblond, 17 February 2018 - 08:46 PM.


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 17 February 2018 - 09:05 PM

  • Highlight the entire content of the quote box below.

Quote

Start::
CMD: dism.exe /image:C:\ /cleanup-image /revertpendingactions
Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackagesPending"
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 




#10 kwjamesblond

kwjamesblond
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 17 February 2018 - 09:09 PM

Is there a for-sure way to disable Windows Update on reboot, as I think the issue is triggered by Windows Update?  I thought I had disabled it based on a Google search but it still happened; maybe then I can get somewhere.

-Thanks for all the help



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 17 February 2018 - 09:29 PM

If it is already pending, it will attempt to install even if we disable Windows Updates. Let's try the above, and if we need to disable Windows Updates we will.


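The registry query in post #9 and the remark in post #11 both concern servicing work that is already queued for the next boot. The following is an added example, not part of the thread or of FRST: a read-only PowerShell check of that queue. The function name `Get-PendingServicingState` and its output fields are hypothetical; it assumes an elevated prompt on the running system.

```powershell
# Added example (not from the thread): read-only report of servicing work
# queued for the next boot. Run from an elevated PowerShell prompt.
# Nothing on the system is changed.

function Get-PendingServicingState {
    [CmdletBinding()]
    param(
        # Parent of the PackagesPending key that the fixlist in post #9 queries.
        [string]$CbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing',
        [string]$WinDir = $env:windir
    )

    # 1. PackagesPending: one subkey per package the servicing stack has queued.
    $pendingKey = "$CbsKey\PackagesPending"
    $queued = @()
    if (Test-Path -LiteralPath $pendingKey) {
        $queued = @(Get-ChildItem -LiteralPath $pendingKey -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSChildName })
    }

    # 2. RebootPending: marker key present while a reboot is needed to finish servicing.
    $rebootPending = Test-Path -LiteralPath "$CbsKey\RebootPending"

    # 3. pending.xml: the servicing stack's list of operations to carry out at boot.
    $hasPendingXml = Test-Path -LiteralPath (Join-Path $WinDir 'WinSxS\pending.xml')

    # 4. Package states as DISM reports them (InstallPending / UninstallPending).
    $pendingPackages = @()
    try {
        $pendingPackages = @(Get-WindowsPackage -Online -ErrorAction Stop |
            Where-Object { "$($_.PackageState)" -like '*Pending' } |
            Select-Object PackageName, PackageState)
    } catch {
        Write-Warning "Get-WindowsPackage failed (is the prompt elevated?): $($_.Exception.Message)"
    }

    [pscustomobject]@{
        QueuedPackageKeys = $queued
        RebootPendingKey  = $rebootPending
        PendingXmlPresent = $hasPendingXml
        PendingPackages   = $pendingPackages
        WorkQueuedForBoot = ($queued.Count -gt 0) -or $rebootPending -or
                            $hasPendingXml -or ($pendingPackages.Count -gt 0)
    }
}

$state = Get-PendingServicingState
$state | Format-List

if ($state.WorkQueuedForBoot) {
    # Matches the behaviour described in post #11: queued work runs at boot
    # whether or not the Windows Update service is disabled afterwards.
    Write-Output 'Servicing work is queued and will run on the next restart.'
} else {
    Write-Output 'No pending servicing work found.'
}
```

Running it before any restart shows whether an update is already staged, which is the situation the `/revertpendingactions` line in post #9 is meant to undo.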


#12 kwjamesblond

kwjamesblond
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 17 February 2018 - 09:33 PM

Do I still need to uninstall Spybot Search and Destroy? Because when I tried that earlier it requires a reboot.



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 17 February 2018 - 09:54 PM

Run it with Spybot and let's see the report.




#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 17 February 2018 - 10:37 PM

I am about to log off. Do you have that report?




#15 kwjamesblond

kwjamesblond
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:10:53 AM

Posted 17 February 2018 - 10:40 PM

Hey, I have to restore my computer with my backups because the last time running that tool rebooted it and now it still cannot find the operating system again.  I will start working on it again tomorrow morning once it completes the recovery operation.

-Thanks





