
Cannot start Eset antivirus or Windows Defender


  • This topic is locked
17 replies to this topic

#1 aabill

Posted 13 June 2018 - 04:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.06.2018 01
Ran by Bill (administrator) on USER-PC (13-06-2018 15:39:14)
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ICM-Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Space Sciences Laboratory) D:\Program Files\BOINC\boinctray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boincmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Sysinternals - www.sysinternals.com) C:\Users\Bill\Desktop\procexp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boinc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Krzysztof Kowalczyk) D:\OLD HARD DRIVE\Program Files\SumatraPDF\SumatraPDF.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => "D:\OLD HARD DRIVE\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-04-08] (Apple Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [2772128 2017-10-01] (Paramount Software UK Ltd)
HKLM\...\Run: [boinctray] => D:\Program Files\BOINC\boinctray.exe [63776 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => D:\Program Files\BOINC\boincmgr.exe [7212832 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [170128 2018-04-19] (ESET)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\MountPoints2: {3bb06430-8f99-11e5-9817-001d923b8f1d} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1090848 2018-05-03] (Space Sciences Laboratory)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk [2017-03-13]
ShortcutTarget: Philips GoGear VIBE Device Manager.lnk -> C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk [2016-05-22]
ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Users\Bill\Desktop\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045109CF-63E5-4646-9997-E79FA33A08E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> {D1A2BC1B-1742-45C1-B91A-102AA5933F89} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [2008-12-24] (ArcSoft, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> is enabled.

FireFox:
========
FF DefaultProfile: vb007v2r.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default [2018-06-13]
FF Homepage: Mozilla\Firefox\Profiles\vb007v2r.default -> hxxps://att.yahoo.com/
FF Session Restore: Mozilla\Firefox\Profiles\vb007v2r.default -> is enabled.
FF Extension: (MinimaList — To-Do List) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\addon@minimalist.com.xpi [2017-11-17]
FF Extension: (DNS Over HTTPS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\httpdns@shield.mozilla.org.xpi [2018-06-04]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-30]
FF Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2018-06-05]
FF Extension: (ReminderFox) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2017-06-27] [Legacy]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\njl9f3o4.Nightly [2018-01-26]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: (Internet Video Downloader) - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2017-03-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-18] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: jpl.nasa.gov/NASAEyes -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-02-24] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-02-24] (TD Ameritrade)
StartMenuInternet: Firefox-A3710B8EBB50CD3 - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2018-06-13]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (IBM Security Rapport) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-17]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Yahoo Partner) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2018-05-05]
CHR Extension: (Share link via email) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2018-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2018-06-05]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2017-05-17]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-04]
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [122728 2018-05-25] (AOMEI Tech Co., Ltd.)
S2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-05] ()
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3298792 2017-11-09] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [46896 2016-12-21] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [150192 2016-12-21] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [34864 2017-09-01] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [24064 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28672 2014-07-07] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [120728 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150784 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [93688 2018-04-12] (ESET)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-13] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [98704 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [163576 2015-11-10] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [365496 2017-03-15] (Check Point Software Technologies Ltd.)
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 15:39 - 2018-06-13 15:51 - 000021561 _____ C:\Users\Bill\Downloads\FRST.txt
2018-06-13 15:34 - 2018-06-13 15:34 - 001773568 _____ (Farbar) C:\Users\Bill\Downloads\FRST.exe
2018-06-13 15:19 - 2018-06-13 15:20 - 000939272 _____ C:\Users\Bill\Downloads\Statement_05_22_2018.pdf
2018-06-13 13:01 - 2018-06-13 15:47 - 000000022 ____H C:\Users\Bill\Documents\Database.kdb.lock
2018-06-09 18:06 - 2018-06-09 18:06 - 000001945 _____ C:\Windows\epplauncher.mif
2018-06-09 17:55 - 2018-06-09 17:55 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-06-09 17:54 - 2018-06-09 17:55 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-06-09 17:49 - 2018-06-09 17:49 - 012231000 _____ (Microsoft Corporation) C:\Users\Bill\Downloads\mseinstall.exe
2018-06-09 02:01 - 2018-06-09 02:02 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu (2).exe
2018-06-09 02:01 - 2018-06-09 02:02 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu (1).exe
2018-06-09 01:21 - 2018-06-09 01:21 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu(1).exe
2018-06-08 20:23 - 2018-06-08 20:24 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu.exe
2018-06-08 19:52 - 2018-06-08 19:52 - 004279416 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer(4).exe
2018-06-08 16:12 - 2018-06-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-08 16:12 - 2018-06-08 16:12 - 000000000 ____D C:\ProgramData\ESET
2018-06-08 16:12 - 2018-06-08 16:12 - 000000000 ____D C:\Program Files\ESET
2018-06-08 16:05 - 2018-06-08 16:05 - 004279416 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer(3).exe
2018-06-08 15:19 - 2018-06-08 15:19 - 001090168 _____ (ESET) C:\Users\Bill\Downloads\esetuninstaller(1).exe
2018-06-05 02:34 - 2018-06-13 11:27 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-02 15:59 - 2018-06-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2018-06-02 15:54 - 2018-06-02 15:54 - 008636304 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Bill\Downloads\boinc_7.10.2_windows_intelx86.exe
2018-06-02 15:48 - 2018-06-02 15:48 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-02 15:47 - 2018-06-05 02:33 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-06-02 15:47 - 2018-06-02 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-02 15:47 - 2018-06-02 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-29 10:41 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018 - Copy.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 007050056 _____ C:\Users\Bill\Documents\weather_weekly-05-15-2018.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018.pdf
2018-05-28 11:54 - 2018-05-28 12:00 - 282486851 _____ C:\Users\Bill\Documents\Firefox 60.0.1 (x86 en-US) - 2018-05-28.pcv
2018-05-25 17:28 - 2018-05-25 17:28 - 000001024 ____H C:\SYSTAG.BIN
2018-05-25 17:28 - 2018-05-25 17:28 - 000000000 ____D C:\System Backup(1)
2018-05-25 17:26 - 2018-06-13 11:27 - 000000082 _____ C:\Windows\system32\winsevr.dat
2018-05-25 17:26 - 2018-05-25 21:51 - 000000000 ____D C:\ProgramData\AomeiBR
2018-05-25 17:26 - 2018-05-25 17:26 - 000001023 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2018-05-25 17:25 - 2018-06-13 11:27 - 000000000 ____D C:\Program Files\AOMEI Backupper
2018-05-25 17:25 - 2018-05-25 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2018-05-25 17:25 - 2017-09-01 18:12 - 000034864 _____ C:\Windows\system32\amwrtdrv.sys
2018-05-25 17:25 - 2016-12-21 22:54 - 000046896 _____ C:\Windows\system32\ambakdrv.sys
2018-05-25 17:25 - 2016-12-21 22:53 - 000150192 _____ C:\Windows\system32\ammntdrv.sys
2018-05-25 17:19 - 2018-05-25 17:21 - 054336672 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Bill\Downloads\Backupper.exe
2018-05-25 16:25 - 2018-05-25 16:25 - 000001950 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\Program Files\Macrium
2018-05-25 16:13 - 2018-05-25 17:00 - 000000000 ____D C:\ProgramData\Macrium
2018-05-25 16:13 - 2018-05-25 16:19 - 000000000 ____D C:\Users\Bill\Downloads\Macrium
2018-05-25 16:12 - 2018-05-25 16:12 - 003758120 _____ (Paramount Software UK Ltd) C:\Users\Bill\Downloads\ReflectDLHF.exe
2018-05-25 11:08 - 2018-05-10 20:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-05-25 11:08 - 2018-05-10 20:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-05-25 11:08 - 2018-05-10 20:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-05-25 11:08 - 2018-04-06 12:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-21 12:19 - 2018-05-21 12:19 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-05-21 12:19 - 2018-05-21 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-21 12:13 - 2018-05-21 12:18 - 000000000 ____D C:\Program Files\iTunes
2018-05-15 16:16 - 2018-05-15 16:16 - 000000913 _____ C:\Users\Public\Desktop\Anki.lnk
2018-05-15 16:14 - 2018-05-15 16:15 - 029616771 _____ C:\Users\Bill\Downloads\anki-2.0.51.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 15:40 - 2016-11-16 14:57 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2018-06-13 15:39 - 2016-04-20 14:31 - 000000000 ____D C:\FRST
2018-06-13 15:28 - 2016-04-22 11:51 - 000000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2018-06-13 11:36 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 11:36 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 11:26 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 11:25 - 2017-11-22 14:59 - 000000000 ____D C:\Program Files\Nightly
2018-06-13 11:25 - 2014-05-13 20:02 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-12 21:55 - 2014-05-14 16:25 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Kodi
2018-06-12 15:46 - 2016-05-03 12:17 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 15:46 - 2016-05-03 12:17 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-12 11:10 - 2016-12-04 12:20 - 000000000 ____D C:\Users\Bill\Documents\Beigebook
2018-06-10 22:22 - 2014-12-21 09:35 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Anki2
2018-06-09 16:03 - 2017-03-16 18:52 - 000000000 ____D C:\Users\Bill\AppData\Roaming\ArcSoft
2018-06-09 16:03 - 2015-08-09 15:10 - 000000000 ____D C:\Users\Bill\AppData\Roaming\KeePass
2018-06-09 16:03 - 2015-07-04 11:01 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2018-06-09 16:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\registration
2018-06-09 16:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-06-09 13:42 - 2014-09-24 17:12 - 000000000 ____D C:\Users\Bill\AppData\Local\Adobe
2018-06-09 13:39 - 2014-05-14 10:52 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-06-09 13:39 - 2014-05-14 10:52 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-06-09 13:39 - 2014-05-14 10:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-08 21:43 - 2014-05-14 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\ESET
2018-06-08 15:57 - 2016-04-27 11:38 - 001030346 _____ C:\Windows\ntbtlog.txt
2018-06-07 22:38 - 2014-11-10 07:01 - 000000000 ____D C:\Users\Bill\Documents\BankofAmerica
2018-06-02 15:54 - 2014-05-16 08:55 - 000000000 ____D C:\Windows\Downloaded Installations
2018-06-02 15:39 - 2015-10-22 09:58 - 000015196 _____ C:\Users\Bill\Documents\Database.kdb
2018-05-25 19:01 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-05-23 19:09 - 2014-05-14 15:24 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2018-05-23 08:37 - 2017-02-08 22:11 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-05-22 11:35 - 2017-05-20 09:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-21 12:18 - 2017-09-14 22:04 - 000000000 ____D C:\Program Files\iPod
2018-05-16 23:45 - 2015-04-16 11:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 16:16 - 2014-12-21 01:18 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2018-05-15 16:16 - 2014-12-21 01:18 - 000000000 ____D C:\Program Files\Anki

==================== Files in the root of some directories =======

2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2014-05-14 15:23 - 2014-05-14 15:23 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2016-04-29 09:45 - 2016-04-29 09:51 - 000000000 _____ () C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 02:50

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.06.2018 01
Ran by Bill (13-06-2018 15:53:01)
Running from C:\Users\Bill\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2002-01-01 08:29:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2418160549-1670195301-1622969964-500 - Administrator - Disabled)
Bill (S-1-5-21-2418160549-1670195301-1622969964-1002 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2418160549-1670195301-1622969964-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2418160549-1670195301-1622969964-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
AOMEI Backupper Standard (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0C2DA7BB-67D2-4F9E-A80F-EC59037F9F9A}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.12 - AT&T)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2008178128.48.56.3875682 - Audible, Inc.)
BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
BOINC (HKLM\...\{8BE0340D-F2C8-45AE-B136-117169FEF98B}) (Version: 7.10.2 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 5.1.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG5700 series User Registration (HKLM\...\Canon MG5700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Emulator Starter (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire)
ESET Security (HKLM\...\{E567E054-DD31-4608-ACB3-A89658672639}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FOREXTraderPro (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\1df0cdb088182ccc) (Version: 3.2.0.27 - FOREXTraderPro)
Free MP3 Cutter 2.1 (HKLM\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
FXCM Trading Station (HKLM\...\{494367EC-82A9-4C0D-A788-74A967998E8C}) (Version: 111313 - FXCM) Hidden
FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
GoGear VIBE Device Manager (HKLM\...\{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}) (Version: 01.06 - Philips)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{4BEA72D4-63AB-4720-8E6B-95986802CD41}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JOSM 13053 (HKLM\...\JOSM) (Version: 13053 - OpenStreetMap JOSM team)
KeePass Password Safe 1.35 (HKLM\...\KeePass Password Safe_is1) (Version: 1.35 - Dominik Reichl)
Kodi (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Kodi) (Version:  - XBMC-Foundation)
Learn To Speak Spanish 8.1 (HKLM\...\Learn To Speak Spanish 8.1) (Version:  - )
LG United Mobile Drivers (HKLM\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
Macrium Reflect Free Edition (HKLM\...\{5E2785E5-B964-4771-B037-642F9B5F4304}) (Version: 7.1.3196 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Media Converter for Philips (HKLM\...\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}) (Version: 2.5.2.231 - ArcSoft)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla A Team - mozregression-gui - regression range finder for Mozilla nightly and inbound builds (HKLM\...\Mozilla A Team mozregression-gui) (Version:  - "Mozilla A Team")
Mozilla Firefox 60.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x86 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.0.6737 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nightly 62.0a1 (x86 en-US) (HKLM\...\Nightly 62.0a1 (x86 en-US)) (Version: 62.0a1 - Mozilla)
Node.js (HKLM\...\{C6249A36-0049-4492-9E4E-1DDD819ED0EA}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{5EF918B8-5E04-4DB2-98CE-A0EAD834CD99}) (Version: 5.0.10 - Oracle Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SSA Benefit Calculator (HKLM\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.17.0001 - Social Security Administration)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Visual MP3 Splitter & Joiner 9.1 (HKLM\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 15.0.653.17211 - Check Point)
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D6D764-20BD-451A-A9CC-6F998ABBB013} - System32\Tasks\{7885DD0E-5774-4C45-830E-4C1C0A82095D} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\uninstall.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {1A170C42-1087-4C4C-A830-5C98D1FC34CA} - System32\Tasks\{195763AC-E88D-438C-AC41-D8E4019922F5} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\PackageInstaller.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {3C845A57-6CB0-4070-BA5B-58AC308643F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D7B50E8-B041-4D75-99A1-89C467D2336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {581A306E-8CAF-4778-A5BB-BA743F7C8234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {669958E6-9BD7-4BA3-930B-44064394C2D3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {670B73DA-7476-43CA-8AC7-96AF7DBFD24F} - System32\Tasks\{8C91B3E4-ACDF-4D96-A31E-90640E226FAA} => "d:\my documents\firefox\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {763D5137-BEA8-4A41-A32C-CC6F62270A04} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {76E90059-73A8-43C7-9F25-611FFD0336C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {8E6482E0-C5AC-4827-852C-D0416771016E} - System32\Tasks\Process Explorer-User-PC-Bill => C:\USERS\BILL\DESKTOP\PROCEXP.EXE [2014-10-24] (Sysinternals - www.sysinternals.com)
Task: {A7EF5846-548E-4247-9D52-FAAE5D057CB3} - System32\Tasks\{B270F1A5-6A6E-4541-B6AA-B7CD8ACC1C16} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2018-06-05] (Malwarebytes)
Task: {B92833B5-DE72-4858-841F-E54D8921AF60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC697D85-1CDF-4C41-BA11-04EDCEC52432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {D08F5256-1FAF-46D1-96EE-6C8133B07451} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {EE8D1B4E-1847-459B-90EA-F0C3CA141366} - System32\Tasks\{2AC29BEB-AD66-4753-A31F-4FFB1F4B78FE} => D:\OLD HARD DRIVE\Program Files\iTunes\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bill\Desktop\run_guiguts.bat - Shortcut.lnk -> D:\OLD HARD DRIVE\DP\guiguts-win-1.0.24\run_guiguts.bat ()

ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2014-05-13 08:37 - 2015-01-30 20:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000974696 _____ () C:\Program Files\AOMEI Backupper\UiLogic.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\diskmgr.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000335720 _____ () C:\Program Files\AOMEI Backupper\Comn.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000089968 _____ () C:\Program Files\AOMEI Backupper\Ldm.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000073584 _____ () C:\Program Files\AOMEI Backupper\Device.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000298856 _____ () C:\Program Files\AOMEI Backupper\BrFat.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000978792 _____ () C:\Program Files\AOMEI Backupper\BrNtfs.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000139112 _____ () C:\Program Files\AOMEI Backupper\FuncLogic.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000339816 _____ () C:\Program Files\AOMEI Backupper\Clone.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000360304 _____ () C:\Program Files\AOMEI Backupper\ImgFile.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000040808 _____ () C:\Program Files\AOMEI Backupper\Encrypt.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000081776 _____ () C:\Program Files\AOMEI Backupper\Compress.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrVol.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\GptBcd.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000175984 _____ () C:\Program Files\AOMEI Backupper\FlBackup.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000499568 _____ () C:\Program Files\AOMEI Backupper\EnumFolder.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000188272 _____ () C:\Program Files\AOMEI Backupper\DeviceMgr.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000126832 _____ () C:\Program Files\AOMEI Backupper\Backup.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000724840 _____ () C:\Program Files\AOMEI Backupper\Sync.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrLog.dll
2018-05-25 17:25 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files\AOMEI Backupper\QtCore4.dll
2016-06-10 15:25 - 2016-02-05 09:53 - 000387144 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2018-06-02 15:47 - 2018-06-05 02:33 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-08 08:07 - 2018-04-08 08:07 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:08 - 2018-04-08 08:08 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2013-10-17 16:48 - 2013-10-17 16:48 - 000190976 _____ () D:\Program Files\BOINC\zlib1.dll
2018-04-08 08:05 - 2018-04-08 08:05 - 000189752 _____ () C:\Program Files\iTunes\libxslt.dll
2018-03-01 15:06 - 2018-03-01 16:47 - 053285888 _____ () D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7879 more sites.


There are 7879 more sites.


There are 7879 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-16 12:06 - 2016-03-22 12:29 - 000450452 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15484 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ekrn => 2
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEB43404-0826-4510-9A4E-D0CFE8B19568}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8489109D-937C-40A7-B434-951338F7BC36}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E49C742A-EACE-4D9A-BC41-1977E3FAF3FF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F91F8C79-A7E6-40F4-BA03-6AD8D15B4A5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAD217DB-2040-44BA-A457-BDC36CCFFD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5BEB976-7E5E-4EFA-AB05-899A2AD4DF3F}] => (Allow) D:\My Documents\Firefox\Mozilla Firefox\firefox.exe
FirewallRules: [{32028FDA-2124-44F4-872E-8046875A3526}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B11CA1B-6D6B-495A-AD84-A3563B3AF471}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB4EF68D-A6B8-4E23-9DEA-65DB62DB088B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20375D5B-D894-4C81-B356-421B111FC0CB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD04B4C4-44FA-4617-A9BA-6A68E3AB7FBA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BAC6521-A14F-4C25-9EEB-941A2DD4142B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17EEDD81-2FD8-42A6-97FA-8F995C147926}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

==================== Restore Points =========================

09-06-2018 14:29:00 Restore Operation
09-06-2018 18:06:59 Windows Update
10-06-2018 19:03:36 Windows Backup
13-06-2018 11:50:40 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2018 03:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KeePass.exe, version: 1.35.0.0, time stamp: 0x5a4b59b4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0049c188
Faulting process id: 0x1a3c
Faulting application start time: 0x01d403381e4d2478
Faulting application path: C:\Program Files\KeePass Password Safe\KeePass.exe
Faulting module path: unknown
Report Id: e3d5edd8-6f3f-11e8-b039-001d923b8f1d

Error: (06/11/2018 10:18:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kodi.exe version 17.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 258c

Start Time: 01d401f232908728

Termination Time: 0

Application Path: C:\Program Files\Kodi\Kodi.exe

Report Id: 7c54b929-6de6-11e8-b12e-001d923b8f1d

Error: (06/10/2018 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 62.0.0.6735, time stamp: 0x5b1d0ef0
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x010f7b52
Faulting process id: 0x10cc
Faulting application start time: 0x01d40137e217c668
Faulting application path: C:\Program Files\Nightly\plugin-container.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: 521f4f08-6d2b-11e8-865a-001d923b8f1d

Error: (06/10/2018 07:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 62.0.0.6735, time stamp: 0x5b1d09c6
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x011c7b57
Faulting process id: 0x214
Faulting application start time: 0x01d4010ee0f91c38
Faulting application path: C:\Program Files\Nightly\firefox.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: ce655248-6d02-11e8-865a-001d923b8f1d

Error: (06/10/2018 06:49:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 62.0.0.6735, time stamp: 0x5b1d0ef0
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x010f7b52
Faulting process id: 0x1414
Faulting application start time: 0x01d400e70f700928
Faulting application path: C:\Program Files\Nightly\plugin-container.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: 90158c58-6d00-11e8-865a-001d923b8f1d

Error: (06/09/2018 04:06:40 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed BOINC.). Additional information: 0x80070005.

Error: (06/09/2018 03:12:56 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/09/2018 02:48:09 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.


System errors:
=============
Error: (06/13/2018 12:55:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (06/13/2018 11:26:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/13/2018 11:26:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.

Error: (06/13/2018 11:25:04 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (06/13/2018 05:00:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (06/12/2018 01:16:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/12/2018 01:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/12/2018 01:13:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E2B3C97F-6AE1-41AC-817A-F6F92166D7DD} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2016-10-25 02:31:02.344
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{E02F107A-A9E7-4D0F-8405-8970E827D07C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-24 02:40:32.550
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{46A85C4F-F4A3-473A-9A85-C783BC8D4674}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:49:45.936
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6CB5E68C-1BC4-49B6-B0FC-459F1BD1408D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:27:53.676
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D47A48F7-5331-48FE-A70E-7632C0240543}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-08-07 22:30:39.876
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6E9D46DA-F714-491D-957B-B94F671ED1F6}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-01-06 11:39:22.385
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.13804.0
Previous Engine Version:
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 10:44:56.470
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 10:44:56.299
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 80%
Total physical RAM: 3007.43 MB
Available physical RAM: 579.56 MB
Total Virtual: 6013.21 MB
Available Virtual: 3356.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:250.86 GB) (Free:132.83 GB) NTFS
Drive d: (DATA) (Fixed) (Total:214.8 GB) (Free:45.74 GB) NTFS
Drive f: (DATA DRIVE  (Remember to BACKUP)) (Fixed) (Total:396.22 GB) (Free:56.28 GB) NTFS

\\?\Volume{fc352f24-fe8f-11d5-a60e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6B4876E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 61D26694)
Partition 1: (Not Active) - (Size=396.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 June 2018 - 09:32 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::

ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
End::


  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Go to the Control panel and remove all programs related to Zone Alarm. Restart and give it a try.

 

Let me know the outcome.
 


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 16 June 2018 - 12:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#4 JSntgRvr


Posted 16 June 2018 - 03:28 PM

Sent Today, 10:15 AM
https://www.bleepingcomputer.com/forums/t/679046/cannot-start-eset-antivirus-or-windows-defender/?hl=%2Beset#entry4511437

Please reopen. Feverish last night. Went to bed 8 pm. Made a point to get back up around midnight and try to get this done but had to go back to bed.

Ran it when I got up today.

Fix result of Farbar Recovery Scan Tool (x86) Version: 06.06.2018 01
Ran by Bill (16-06-2018 09:39:30) Run:1
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F21C5C41-E759-472F-B5AE-501AC583B693}\\SystemComponent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06F804D0-A69C-423A-8F77-A158EA7DF295}\\SystemComponent" => removed successfully.

==== End of Fixlog 09:39:35 ====

Uninstalled ZoneAlarm.

Eset still not loading on startup.

Thank you.

Bill

 

 

Please also remove Spybot, Search and destroy as it will interfere with our fixes.

 

Rescan with FRST and post new reports.

  • Double-click to run it.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.




#5 aabill


Posted 18 June 2018 - 03:20 PM

Before I was sure you could reopen this post, I uninstalled and reinstalled Eset Antivirus. It worked this time. It didn't before you helped me.

 

I deleted any Spybot files I could find. I think I uninstalled it a couple years ago.

 

Let me know if there is anything else I should do.

 

Eset is working fine now. I have not reinstalled Zone Alarm. Thank you very much.

 

Here are Frst results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.06.2018 01
Ran by Bill (administrator) on USER-PC (18-06-2018 15:50:44)
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Space Sciences Laboratory) D:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boincmgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Sysinternals - www.sysinternals.com) C:\Users\Bill\Desktop\procexp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boinc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => "D:\OLD HARD DRIVE\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-04-08] (Apple Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [2772128 2017-10-01] (Paramount Software UK Ltd)
HKLM\...\Run: [boinctray] => D:\Program Files\BOINC\boinctray.exe [63776 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => D:\Program Files\BOINC\boincmgr.exe [7212832 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [170128 2018-04-19] (ESET)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\MountPoints2: {3bb06430-8f99-11e5-9817-001d923b8f1d} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1090848 2018-05-03] (Space Sciences Laboratory)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk [2017-03-13]
ShortcutTarget: Philips GoGear VIBE Device Manager.lnk -> C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk [2016-05-22]
ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Users\Bill\Desktop\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045109CF-63E5-4646-9997-E79FA33A08E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> {D1A2BC1B-1742-45C1-B91A-102AA5933F89} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [2008-12-24] (ArcSoft, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> is enabled.

FireFox:
========
FF DefaultProfile: vb007v2r.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default [2018-06-18]
FF Homepage: Mozilla\Firefox\Profiles\vb007v2r.default -> hxxps://att.yahoo.com/
FF Session Restore: Mozilla\Firefox\Profiles\vb007v2r.default -> is enabled.
FF Extension: (MinimaList — To-Do List) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\addon@minimalist.com.xpi [2017-11-17]
FF Extension: (DNS Over HTTPS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\httpdns@shield.mozilla.org.xpi [2018-06-04]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-30]
FF Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2018-06-05]
FF Extension: (ReminderFox) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2017-06-27] [Legacy]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\njl9f3o4.Nightly [2018-01-26]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: (Internet Video Downloader) - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2017-03-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-18] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: jpl.nasa.gov/NASAEyes -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-02-24] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-02-24] (TD Ameritrade)
StartMenuInternet: Firefox-A3710B8EBB50CD3 - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (IBM Security Rapport) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-17]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Yahoo Partner) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2018-05-05]
CHR Extension: (Share link via email) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2018-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2018-06-05]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2017-05-17]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-04]
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [122728 2018-05-25] (AOMEI Tech Co., Ltd.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-05] ()
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3298792 2017-11-09] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [46896 2016-12-21] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [150192 2016-12-21] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [34864 2017-09-01] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [24064 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28672 2014-07-07] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [120728 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150784 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [93688 2018-04-12] (ESET)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-16] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [98704 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [163576 2015-11-10] (Oracle Corporation)
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 14:17 - 2018-06-18 14:19 - 000022701 _____ C:\Users\Bill\Downloads\unins000.msg
2018-06-18 14:16 - 2018-06-18 14:16 - 000193255 _____ C:\Users\Bill\Downloads\unins000.dat
2018-06-18 14:10 - 2018-06-18 14:11 - 001273648 _____ C:\Users\Bill\Downloads\unins000.exe
2018-06-17 23:04 - 2018-06-17 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-17 23:04 - 2018-06-17 23:04 - 000000000 ____D C:\ProgramData\ESET
2018-06-17 23:04 - 2018-06-17 23:04 - 000000000 ____D C:\Program Files\ESET
2018-06-17 19:11 - 2018-06-17 19:11 - 004279416 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer.exe
2018-06-16 17:54 - 2018-06-16 17:54 - 000000922 _____ C:\Users\Bill\Desktop\esetuninstaller(2).exe - Shortcut.lnk
2018-06-16 17:51 - 2018-06-16 17:51 - 001090168 _____ (ESET) C:\Users\Bill\Desktop\esetuninstaller(2).exe
2018-06-16 09:39 - 2018-06-16 09:39 - 000000962 _____ C:\Users\Bill\Downloads\Fixlog.txt
2018-06-15 21:44 - 2018-06-15 21:44 - 000001049 _____ C:\Users\Bill\Desktop\FRST.exe - Shortcut.lnk
2018-06-15 11:12 - 2018-05-29 15:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-15 11:12 - 2018-05-28 22:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-06-15 11:12 - 2018-05-28 22:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-15 11:12 - 2018-05-28 22:32 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-06-15 11:12 - 2018-05-28 22:32 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-15 11:12 - 2018-05-28 22:32 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-15 11:12 - 2018-05-28 22:32 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-06-15 11:12 - 2018-05-28 22:32 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-15 11:12 - 2018-05-28 22:25 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-15 11:12 - 2018-05-28 22:22 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-15 11:12 - 2018-05-28 22:22 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-15 11:12 - 2018-05-28 22:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-15 11:12 - 2018-05-28 20:04 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-15 11:12 - 2018-05-25 00:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-15 11:12 - 2018-05-25 00:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-15 11:12 - 2018-05-25 00:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-15 11:12 - 2018-05-25 00:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-15 11:12 - 2018-05-25 00:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-15 11:12 - 2018-05-24 23:59 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-15 11:12 - 2018-05-24 23:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-15 11:12 - 2018-05-24 23:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-15 11:12 - 2018-05-24 23:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-15 11:12 - 2018-05-24 23:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-15 11:12 - 2018-05-24 23:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-15 11:12 - 2018-05-24 23:38 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-15 11:12 - 2018-05-24 23:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-15 11:12 - 2018-05-24 23:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-15 11:12 - 2018-05-24 23:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-15 11:12 - 2018-05-24 23:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-15 11:12 - 2018-05-14 23:44 - 001214656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-15 11:12 - 2018-05-14 23:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-15 11:12 - 2018-05-14 23:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-15 11:12 - 2018-05-14 23:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-15 11:12 - 2018-05-14 23:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-15 11:12 - 2018-05-14 21:09 - 000410080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-15 11:12 - 2018-05-14 21:09 - 000374872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-15 11:12 - 2018-05-11 21:56 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-15 11:12 - 2018-05-11 21:56 - 000025984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-15 11:12 - 2018-05-11 21:56 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-15 11:11 - 2018-05-28 22:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-15 11:11 - 2018-05-28 22:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-15 11:11 - 2018-05-28 22:03 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-15 11:11 - 2018-05-28 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-15 11:11 - 2018-05-28 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-15 11:11 - 2018-05-28 22:03 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-15 11:11 - 2018-05-28 22:03 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-15 11:11 - 2018-05-28 22:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-15 11:11 - 2018-05-28 21:59 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-15 11:11 - 2018-05-28 21:59 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-15 11:11 - 2018-05-28 21:59 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-15 11:11 - 2018-05-28 21:58 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-15 11:11 - 2018-05-28 21:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-15 11:11 - 2018-05-28 21:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-15 11:11 - 2018-05-28 21:58 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-15 11:11 - 2018-05-25 00:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-15 11:11 - 2018-05-25 00:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-15 11:11 - 2018-05-25 00:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-15 11:11 - 2018-05-25 00:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-15 11:11 - 2018-05-25 00:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-15 11:11 - 2018-05-25 00:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-15 11:11 - 2018-05-25 00:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-15 11:11 - 2018-05-25 00:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-15 11:11 - 2018-05-25 00:06 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-15 11:11 - 2018-05-25 00:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-15 11:11 - 2018-05-25 00:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-15 11:11 - 2018-05-24 23:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-15 11:11 - 2018-05-24 23:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-15 11:11 - 2018-05-24 23:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-15 11:11 - 2018-05-24 23:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-15 11:11 - 2018-05-24 23:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-15 11:11 - 2018-05-24 23:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-15 11:11 - 2018-05-24 23:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-15 11:11 - 2018-05-24 23:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-15 11:11 - 2018-05-14 23:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-15 11:11 - 2018-05-14 23:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-13 15:53 - 2018-06-13 17:34 - 000043836 _____ C:\Users\Bill\Downloads\Addition.txt
2018-06-13 15:39 - 2018-06-18 15:58 - 000019895 _____ C:\Users\Bill\Downloads\FRST.txt
2018-06-13 15:34 - 2018-06-13 15:34 - 001773568 _____ (Farbar) C:\Users\Bill\Downloads\FRST.exe
2018-06-13 15:19 - 2018-06-13 15:20 - 000939272 _____ C:\Users\Bill\Downloads\Statement_05_22_2018.pdf
2018-06-09 18:06 - 2018-06-17 22:51 - 000001945 _____ C:\Windows\epplauncher.mif
2018-06-09 17:49 - 2018-06-09 17:49 - 012231000 _____ (Microsoft Corporation) C:\Users\Bill\Downloads\mseinstall.exe
2018-06-05 02:34 - 2018-06-16 19:07 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-02 15:59 - 2018-06-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2018-06-02 15:54 - 2018-06-02 15:54 - 008636304 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Bill\Downloads\boinc_7.10.2_windows_intelx86.exe
2018-06-02 15:48 - 2018-06-02 15:48 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-02 15:47 - 2018-06-05 02:33 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-06-02 15:47 - 2018-06-02 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-02 15:47 - 2018-06-02 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-29 10:41 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018 - Copy.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 007050056 _____ C:\Users\Bill\Documents\weather_weekly-05-15-2018.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018.pdf
2018-05-28 11:54 - 2018-05-28 12:00 - 282486851 _____ C:\Users\Bill\Documents\Firefox 60.0.1 (x86 en-US) - 2018-05-28.pcv
2018-05-25 17:28 - 2018-05-25 17:28 - 000001024 ____H C:\SYSTAG.BIN
2018-05-25 17:28 - 2018-05-25 17:28 - 000000000 ____D C:\System Backup(1)
2018-05-25 17:26 - 2018-06-16 19:07 - 000000082 _____ C:\Windows\system32\winsevr.dat
2018-05-25 17:26 - 2018-05-25 21:51 - 000000000 ____D C:\ProgramData\AomeiBR
2018-05-25 17:26 - 2018-05-25 17:26 - 000001023 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2018-05-25 17:25 - 2018-06-16 19:07 - 000000000 ____D C:\Program Files\AOMEI Backupper
2018-05-25 17:25 - 2018-05-25 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2018-05-25 17:25 - 2017-09-01 18:12 - 000034864 _____ C:\Windows\system32\amwrtdrv.sys
2018-05-25 17:25 - 2016-12-21 22:54 - 000046896 _____ C:\Windows\system32\ambakdrv.sys
2018-05-25 17:25 - 2016-12-21 22:53 - 000150192 _____ C:\Windows\system32\ammntdrv.sys
2018-05-25 17:19 - 2018-05-25 17:21 - 054336672 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Bill\Downloads\Backupper.exe
2018-05-25 16:25 - 2018-05-25 16:25 - 000001950 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\Program Files\Macrium
2018-05-25 16:13 - 2018-05-25 17:00 - 000000000 ____D C:\ProgramData\Macrium
2018-05-25 16:13 - 2018-05-25 16:19 - 000000000 ____D C:\Users\Bill\Downloads\Macrium
2018-05-25 16:12 - 2018-05-25 16:12 - 003758120 _____ (Paramount Software UK Ltd) C:\Users\Bill\Downloads\ReflectDLHF.exe
2018-05-25 11:08 - 2018-05-10 20:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-05-25 11:08 - 2018-05-10 20:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-05-25 11:08 - 2018-05-10 20:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-05-25 11:08 - 2018-04-06 12:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-21 12:19 - 2018-05-21 12:19 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-05-21 12:19 - 2018-05-21 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-21 12:13 - 2018-05-21 12:18 - 000000000 ____D C:\Program Files\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 15:50 - 2016-04-20 14:31 - 000000000 ____D C:\FRST
2018-06-18 13:56 - 2015-08-11 20:20 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-18 13:26 - 2016-11-16 14:57 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2018-06-18 10:40 - 2017-11-22 14:59 - 000000000 ____D C:\Program Files\Nightly
2018-06-18 04:23 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-18 04:23 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-17 19:09 - 2014-05-13 20:02 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-17 19:08 - 2017-05-20 09:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-17 18:16 - 2014-05-14 16:25 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Kodi
2018-06-16 19:07 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-16 18:06 - 2016-04-27 11:38 - 001079668 _____ C:\Windows\ntbtlog.txt
2018-06-16 17:56 - 2015-10-22 09:58 - 000015868 _____ C:\Users\Bill\Documents\Database.kdb
2018-06-16 09:43 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-06-15 13:57 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-06-15 12:01 - 2014-05-13 08:19 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-15 11:44 - 2014-05-13 08:35 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 11:41 - 2016-12-04 12:20 - 000000000 ____D C:\Users\Bill\Documents\Beigebook
2018-06-15 11:27 - 2017-10-10 23:14 - 130354992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 11:26 - 2014-05-13 08:35 - 130354992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-14 23:50 - 2014-12-21 09:35 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Anki2
2018-06-13 23:04 - 2016-04-22 11:51 - 000000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2018-06-12 15:46 - 2016-05-03 12:17 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 15:46 - 2016-05-03 12:17 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 16:03 - 2017-03-16 18:52 - 000000000 ____D C:\Users\Bill\AppData\Roaming\ArcSoft
2018-06-09 16:03 - 2015-08-09 15:10 - 000000000 ____D C:\Users\Bill\AppData\Roaming\KeePass
2018-06-09 16:03 - 2015-07-04 11:01 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2018-06-09 16:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\registration
2018-06-09 13:42 - 2014-09-24 17:12 - 000000000 ____D C:\Users\Bill\AppData\Local\Adobe
2018-06-09 13:39 - 2014-05-14 10:52 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-06-09 13:39 - 2014-05-14 10:52 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-06-09 13:39 - 2014-05-14 10:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-08 21:43 - 2014-05-14 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\ESET
2018-06-07 22:38 - 2014-11-10 07:01 - 000000000 ____D C:\Users\Bill\Documents\BankofAmerica
2018-06-02 15:54 - 2014-05-16 08:55 - 000000000 ____D C:\Windows\Downloaded Installations
2018-05-23 19:09 - 2014-05-14 15:24 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2018-05-23 08:37 - 2017-02-08 22:11 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-05-21 12:18 - 2017-09-14 22:04 - 000000000 ____D C:\Program Files\iPod

==================== Files in the root of some directories =======

2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2014-05-14 15:23 - 2014-05-14 15:23 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2016-04-29 09:45 - 2016-04-29 09:51 - 000000000 _____ () C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-17 01:13

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.06.2018 01
Ran by Bill (18-06-2018 15:58:57)
Running from C:\Users\Bill\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2002-01-01 08:29:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2418160549-1670195301-1622969964-500 - Administrator - Disabled)
Bill (S-1-5-21-2418160549-1670195301-1622969964-1002 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2418160549-1670195301-1622969964-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2418160549-1670195301-1622969964-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
AOMEI Backupper Standard (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0C2DA7BB-67D2-4F9E-A80F-EC59037F9F9A}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.12 - AT&T)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2008178128.48.56.3875682 - Audible, Inc.)
BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
BOINC (HKLM\...\{8BE0340D-F2C8-45AE-B136-117169FEF98B}) (Version: 7.10.2 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 5.1.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG5700 series User Registration (HKLM\...\Canon MG5700 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Emulator Starter (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire)
ESET Security (HKLM\...\{E567E054-DD31-4608-ACB3-A89658672639}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FOREXTraderPro (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\1df0cdb088182ccc) (Version: 3.2.0.27 - FOREXTraderPro)
Free MP3 Cutter 2.1 (HKLM\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
FXCM Trading Station (HKLM\...\{494367EC-82A9-4C0D-A788-74A967998E8C}) (Version: 111313 - FXCM) Hidden
FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
GoGear VIBE Device Manager (HKLM\...\{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}) (Version: 01.06 - Philips)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{4BEA72D4-63AB-4720-8E6B-95986802CD41}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JOSM 13053 (HKLM\...\JOSM) (Version: 13053 - OpenStreetMap JOSM team)
KeePass Password Safe 1.35 (HKLM\...\KeePass Password Safe_is1) (Version: 1.35 - Dominik Reichl)
Kodi (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Kodi) (Version:  - XBMC-Foundation)
Learn To Speak Spanish 8.1 (HKLM\...\Learn To Speak Spanish 8.1) (Version:  - )
LG United Mobile Drivers (HKLM\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
Macrium Reflect Free Edition (HKLM\...\{5E2785E5-B964-4771-B037-642F9B5F4304}) (Version: 7.1.3196 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Media Converter for Philips (HKLM\...\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}) (Version: 2.5.2.231 - ArcSoft)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla A Team - mozregression-gui - regression range finder for Mozilla nightly and inbound builds (HKLM\...\Mozilla A Team mozregression-gui) (Version:  - "Mozilla A Team")
Mozilla Firefox 60.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.0.6742 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nightly 62.0a1 (x86 en-US) (HKLM\...\Nightly 62.0a1 (x86 en-US)) (Version: 62.0a1 - Mozilla)
Node.js (HKLM\...\{C6249A36-0049-4492-9E4E-1DDD819ED0EA}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{5EF918B8-5E04-4DB2-98CE-A0EAD834CD99}) (Version: 5.0.10 - Oracle Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SSA Benefit Calculator (HKLM\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.17.0001 - Social Security Administration)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Visual MP3 Splitter & Joiner 9.1 (HKLM\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D6D764-20BD-451A-A9CC-6F998ABBB013} - System32\Tasks\{7885DD0E-5774-4C45-830E-4C1C0A82095D} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\uninstall.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {1A170C42-1087-4C4C-A830-5C98D1FC34CA} - System32\Tasks\{195763AC-E88D-438C-AC41-D8E4019922F5} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\PackageInstaller.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {3C845A57-6CB0-4070-BA5B-58AC308643F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D7B50E8-B041-4D75-99A1-89C467D2336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {581A306E-8CAF-4778-A5BB-BA743F7C8234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {669958E6-9BD7-4BA3-930B-44064394C2D3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {670B73DA-7476-43CA-8AC7-96AF7DBFD24F} - System32\Tasks\{8C91B3E4-ACDF-4D96-A31E-90640E226FAA} => "d:\my documents\firefox\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {76E90059-73A8-43C7-9F25-611FFD0336C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {8E6482E0-C5AC-4827-852C-D0416771016E} - System32\Tasks\Process Explorer-User-PC-Bill => C:\USERS\BILL\DESKTOP\PROCEXP.EXE [2014-10-24] (Sysinternals - www.sysinternals.com)
Task: {A7EF5846-548E-4247-9D52-FAAE5D057CB3} - System32\Tasks\{B270F1A5-6A6E-4541-B6AA-B7CD8ACC1C16} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2018-06-05] (Malwarebytes)
Task: {B92833B5-DE72-4858-841F-E54D8921AF60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC697D85-1CDF-4C41-BA11-04EDCEC52432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {D08F5256-1FAF-46D1-96EE-6C8133B07451} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {EE8D1B4E-1847-459B-90EA-F0C3CA141366} - System32\Tasks\{2AC29BEB-AD66-4753-A31F-4FFB1F4B78FE} => D:\OLD HARD DRIVE\Program Files\iTunes\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bill\Desktop\run_guiguts.bat - Shortcut.lnk -> D:\OLD HARD DRIVE\DP\guiguts-win-1.0.24\run_guiguts.bat ()

ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2014-05-13 08:37 - 2015-01-30 20:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000974696 _____ () C:\Program Files\AOMEI Backupper\UiLogic.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\diskmgr.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000335720 _____ () C:\Program Files\AOMEI Backupper\Comn.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000089968 _____ () C:\Program Files\AOMEI Backupper\Ldm.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000073584 _____ () C:\Program Files\AOMEI Backupper\Device.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000298856 _____ () C:\Program Files\AOMEI Backupper\BrFat.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000978792 _____ () C:\Program Files\AOMEI Backupper\BrNtfs.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000139112 _____ () C:\Program Files\AOMEI Backupper\FuncLogic.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000339816 _____ () C:\Program Files\AOMEI Backupper\Clone.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000360304 _____ () C:\Program Files\AOMEI Backupper\ImgFile.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000040808 _____ () C:\Program Files\AOMEI Backupper\Encrypt.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000081776 _____ () C:\Program Files\AOMEI Backupper\Compress.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrVol.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\GptBcd.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000175984 _____ () C:\Program Files\AOMEI Backupper\FlBackup.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000499568 _____ () C:\Program Files\AOMEI Backupper\EnumFolder.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000188272 _____ () C:\Program Files\AOMEI Backupper\DeviceMgr.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000126832 _____ () C:\Program Files\AOMEI Backupper\Backup.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000724840 _____ () C:\Program Files\AOMEI Backupper\Sync.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrLog.dll
2018-05-25 17:25 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files\AOMEI Backupper\QtCore4.dll
2016-06-10 15:25 - 2016-02-05 09:53 - 000387144 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2018-06-02 15:47 - 2018-06-05 02:33 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-08 08:07 - 2018-04-08 08:07 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:08 - 2018-04-08 08:08 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2013-10-17 16:48 - 2013-10-17 16:48 - 000190976 _____ () D:\Program Files\BOINC\zlib1.dll
2018-04-08 08:05 - 2018-04-08 08:05 - 000189752 _____ () C:\Program Files\iTunes\libxslt.dll
2018-02-13 00:26 - 2018-02-13 00:29 - 048355328 _____ () D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7879 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-16 12:06 - 2016-03-22 12:29 - 000450452 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15484 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ekrn => 2
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEB43404-0826-4510-9A4E-D0CFE8B19568}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8489109D-937C-40A7-B434-951338F7BC36}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E49C742A-EACE-4D9A-BC41-1977E3FAF3FF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F91F8C79-A7E6-40F4-BA03-6AD8D15B4A5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAD217DB-2040-44BA-A457-BDC36CCFFD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5BEB976-7E5E-4EFA-AB05-899A2AD4DF3F}] => (Allow) D:\My Documents\Firefox\Mozilla Firefox\firefox.exe
FirewallRules: [{32028FDA-2124-44F4-872E-8046875A3526}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B11CA1B-6D6B-495A-AD84-A3563B3AF471}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB4EF68D-A6B8-4E23-9DEA-65DB62DB088B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20375D5B-D894-4C81-B356-421B111FC0CB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD04B4C4-44FA-4617-A9BA-6A68E3AB7FBA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BAC6521-A14F-4C25-9EEB-941A2DD4142B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17EEDD81-2FD8-42A6-97FA-8F995C147926}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EDF35391-C43A-45FA-9E0A-87C03A06EFF6}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{5E99B1EA-CE2C-43CA-ADD1-259F5D010300}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{70D3FA97-9415-4B8D-BA34-0AC46E7F15C0}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{FCFB0689-7F8D-4933-97E8-F7DE551DC2E2}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe

==================== Restore Points =========================

13-06-2018 11:50:40 Windows Update
15-06-2018 11:13:38 Windows Update
17-06-2018 19:01:20 Windows Backup
18-06-2018 13:52:37 Removed Microsoft Visual C++ 2005 Redistributable
18-06-2018 14:35:19 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2018 02:35:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Antimalware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/18/2018 01:53:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Antimalware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/17/2018 09:50:43 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: "D:\Pictures\Picasa3\PicasaPhotoViewer.exe" Data error (cyclic redundancy check). (0x80070017).

Error: (06/17/2018 09:42:27 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: "D:\Pictures\Picasa3\Picasa3i18n.dll" Data error (cyclic redundancy check). (0x80070017).

Error: (06/16/2018 07:17:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 60.0.1.6710 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d4

Start Time: 01d405c7e6956828

Termination Time: 16

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 65302449-71bb-11e8-a078-001d923b8f1d

Error: (06/16/2018 06:01:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 62.0.0.6741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1248

Start Time: 01d4057dca0c8118

Termination Time: 530

Application Path: C:\Program Files\Nightly\firefox.exe

Report Id: c60106f9-71b0-11e8-a20b-001d923b8f1d

Error: (06/16/2018 09:44:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: User-PC)
Description: Application or service 'ZoneAlarm' could not be shut down.

Error: (06/13/2018 11:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kodi.exe, version: 17.6.0.0, time stamp: 0x5a2d50f5
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1412, time stamp: 0x5a64613e
Exception code: 0x40000015
Fault offset: 0x0008480a
Faulting process id: 0x1c30
Faulting application start time: 0x01d403800883f958
Faulting application path: C:\Program Files\Kodi\Kodi.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: a75d79f8-6f7f-11e8-b039-001d923b8f1d


System errors:
=============
Error: (06/18/2018 10:50:31 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (06/18/2018 04:04:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:56 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:53 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:50 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:47 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:43 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/18/2018 04:04:40 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Windows Defender:
===================================
Date: 2016-10-25 02:31:02.344
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{E02F107A-A9E7-4D0F-8405-8970E827D07C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-24 02:40:32.550
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{46A85C4F-F4A3-473A-9A85-C783BC8D4674}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:49:45.936
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6CB5E68C-1BC4-49B6-B0FC-459F1BD1408D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:27:53.676
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D47A48F7-5331-48FE-A70E-7632C0240543}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-08-07 22:30:39.876
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6E9D46DA-F714-491D-957B-B94F671ED1F6}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-01-06 11:39:22.385
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.13804.0
Previous Engine Version:
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 10:44:56.470
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 10:44:56.299
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 94%
Total physical RAM: 3007.43 MB
Available physical RAM: 164.44 MB
Total Virtual: 6013.21 MB
Available Virtual: 1624.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:250.86 GB) (Free:131.32 GB) NTFS
Drive d: (DATA) (Fixed) (Total:214.8 GB) (Free:45.85 GB) NTFS
Drive f: (DATA DRIVE  (Remember to BACKUP)) (Fixed) (Total:396.22 GB) (Free:44.91 GB) NTFS

\\?\Volume{fc352f24-fe8f-11d5-a60e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6B4876E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 61D26694)
Partition 1: (Not Active) - (Size=396.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 aabill


Posted 18 June 2018 - 08:23 PM

As soon as I reset my pc this afternoon, Eset stopped working again.

 

I turned on Windows Defender.

 

I will go back and reinstall Microsoft SE.



#7 JSntgRvr


Posted 18 June 2018 - 09:34 PM

  • Highlight the entire content of the quote box below.

Start::  
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll => No File
2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2016-04-29 09:45 - 2016-04-29 09:51 - 000000000 _____ () C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44}
2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
Eset is working fine now. I have not reinstalled Zone Alarm. Thank you very much.
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
FirewallRules: [{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17EEDD81-2FD8-42A6-97FA-8F995C147926}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
 
 
RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
  • Your next reply(ies) should therefore contain:
    • Copy/pasted RogueKiller clean log
    • Copy/pasted AdwCleaner clean log
    • Fixlog.txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 aabill


Posted 20 June 2018 - 10:25 AM

I think these are the right files. RogueKiller took four hours or more when I ran it last night. Here are the files I could find this morning.

 

 

RogueKiller V12.12.23.0 [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Bill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 06/19/2018 19:51:39 (Duration : 04:18:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Deleted
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Bill\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\Bill\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Yahoo!\yset -> Deleted
[PUP.Gen1][File] C:\Program Files\Yahoo!\yset\{A315A5A9-CB42-9F45-A870-F5E5BA3F90C7}\unset.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Yahoo!\yset\{A315A5A9-CB42-9F45-A870-F5E5BA3F90C7}\YSearchSetTool.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Yahoo!\yset\{A315A5A9-CB42-9F45-A870-F5E5BA3F90C7}\YSearchUtil.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Yahoo!\yset\{A315A5A9-CB42-9F45-A870-F5E5BA3F90C7}\YSearchUtilSVC.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Yahoo!\yset\{A315A5A9-CB42-9F45-A870-F5E5BA3F90C7} -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS 725050A7E630 SCSI Disk Device +++++
--- User ---
[MBR] 1e20e43fef3ab03e3658e2280ba6e93a
[BSP] fb550efd7b027bbba7c1e352e54e3cba : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 256884 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 526305280 | Size: 219953 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD50 00BEVT-00A0RT0 USB Device +++++
--- User ---
[MBR] 0ac8219ba28cff3bd9b45b929637f7e2
[BSP] 0a3069e770d45c4b0c9e5ad7a57182c4 : Lenovo MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145833984 | Size: 405730 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-19.4
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-20-2018
# Duration: 00:00:44
# OS:       Windows 7 Ultimate
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\_acestream_cache_
Deleted       C:\Users\Bill\AppData\Roaming\.acestream
Deleted       C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1584 octets] - [20/06/2018 02:09:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-19.4
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-20-2018
# Duration: 00:02:32
# OS:       Windows 7 Ultimate
# Scanned:  41244
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\_acestream_cache_
PUP.Optional.Legacy             C:\Users\Bill\AppData\Roaming\.acestream
PUP.Optional.Legacy             C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 19.06.2018
Ran by Bill (19-06-2018 17:51:40) Run:2
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
 
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll => No File
2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2016-04-29 09:45 - 2016-04-29 09:51 - 000000000 _____ () C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44}
2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
Eset is working fine now. I have not reinstalled Zone Alarm. Thank you very much.
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
FirewallRules: [{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17EEDD81-2FD8-42A6-97FA-8F995C147926}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
EMPTYTEMP:
Reboot:

*****************

"HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}" => removed successfully.
C:\Users\Bill\AppData\Local\BITB7D9.tmp => moved successfully
C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44} => moved successfully
"C:\Users\Bill\AppData\Local\BITB7D9.tmp" => not found
Eset is working fine now. I have not reinstalled Zone Alarm. Thank you very much. => Error: No automatic fix found for this entry.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Windows 10 Upgrader" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZoneAlarm" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17EEDD81-2FD8-42A6-97FA-8F995C147926}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray" => removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => removed successfully.
"HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning" => removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5638562 B
Java, Flash, Steam htmlcache => 1737 B
Windows/system/drivers => 59910 B
Edge => 0 B
Chrome => 794919611 B
Firefox => 496000647 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
LocalService => 33058 B
NetworkService => 452164 B
UpdatusUser => 0 B
Bill => 2239085398 B

RecycleBin => 105241216 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:06:28 ====



#9 JSntgRvr


Posted 20 June 2018 - 11:43 AM

One more scan.

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

[Screenshot: Malwarebytes scan methods]

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected items and click on "Quarantine Selected".
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.




#10 JSntgRvr


Posted 20 June 2018 - 11:52 AM

The event viewer shows a bad block in the hard drive. You should address that.

 

Enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:

  • Type in the following and press Enter:

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type:

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter.
  • The tool will start to run.

When finished, type exit and press Enter. Restart the computer.

Let us know if that makes a difference.

 




#11 aabill


Posted 20 June 2018 - 02:43 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/20/18
Scan Time: 1:14 PM
Log File: 6ea18b08-74ad-11e8-9b83-001d923b8f1d.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5556
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User-PC\Bill

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 297645
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 hr, 7 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#12 JSntgRvr


Posted 20 June 2018 - 03:51 PM

Were you able to run CHKDSK in the Recovery Environment?




#13 aabill


Posted 21 June 2018 - 09:48 AM

Were you able to run CHKDSK in the Recovery Environment?

Yes, I ran it. It came up with F8 on startup and I ran Repair as in your instructions:
 

 

Enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Then I uninstalled Eset and reinstalled it. It ran a long initial scan and shut down.

 

Then when I started the pc this morning, Eset did not start up and I could not start it manually either.

 

It seems that whenever I uninstall and reinstall Eset antivirus, it works for that session only. Then if I reset or shutdown, it does not work when the pc boots up again.



#14 JSntgRvr


Posted 21 June 2018 - 05:12 PM

I need you to run CHKDSK in the Recovery Environment.

 

Enter the System Recovery Environment by tapping on F8 at startup and selecting "Repair my computer":

  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:

  • Type in the following and press Enter:

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type:

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter.
  • The tool will start to run.

When finished, type exit and press Enter. Restart the computer.

Let us know if that makes a difference. Are there errors on the hard drive?

 




#15 aabill


Posted 22 June 2018 - 11:11 PM

Done. Several hours.

 

256 bad clusters to bad clusters file.

Correcting errors in master file table bitmap attribute.

Correcting errors in volume bitmap.

Windows has made corrections to the file system.

 

1024 KB in bad sectors.

Failed to transfer logged messages to event log with status 50.

 

Then, after startup and Windows on, there was a popup that said failed to connect to a Windows service.

This has happened twice recently, the last week or so. I don't remember seeing that, before this month.





