Cannot start Eset antivirus or Windows Defender



#1 aabill

Posted 13 June 2018 - 04:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06.06.2018 01
Ran by Bill (administrator) on USER-PC (13-06-2018 15:39:14)
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ICM-Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Space Sciences Laboratory) D:\Program Files\BOINC\boinctray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boincmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Sysinternals - www.sysinternals.com) C:\Users\Bill\Desktop\procexp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Space Sciences Laboratory) D:\Program Files\BOINC\boinc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Krzysztof Kowalczyk) D:\OLD HARD DRIVE\Program Files\SumatraPDF\SumatraPDF.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Dominik Reichl) C:\Program Files\KeePass Password Safe\KeePass.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe
() D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => "D:\OLD HARD DRIVE\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [SDTray] => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [262456 2018-04-08] (Apple Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [2772128 2017-10-01] (Paramount Software UK Ltd)
HKLM\...\Run: [boinctray] => D:\Program Files\BOINC\boinctray.exe [63776 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => D:\Program Files\BOINC\boincmgr.exe [7212832 2018-05-03] (Space Sciences Laboratory)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [170128 2018-04-19] (ESET)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7765936 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\MountPoints2: {3bb06430-8f99-11e5-9817-001d923b8f1d} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1090848 2018-05-03] (Space Sciences Laboratory)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
IFEO\taskmgr.exe: [Debugger] "C:\USERS\BILL\DESKTOP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk [2017-03-13]
ShortcutTarget: Philips GoGear VIBE Device Manager.lnk -> C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk [2016-05-22]
ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Users\Bill\Desktop\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{045109CF-63E5-4646-9997-E79FA33A08E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> {D1A2BC1B-1742-45C1-B91A-102AA5933F89} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [2008-12-24] (ArcSoft, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002 -> is enabled.

FireFox:
========
FF DefaultProfile: vb007v2r.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default [2018-06-13]
FF Homepage: Mozilla\Firefox\Profiles\vb007v2r.default -> hxxps://att.yahoo.com/
FF Session Restore: Mozilla\Firefox\Profiles\vb007v2r.default -> is enabled.
FF Extension: (MinimaList — To-Do List) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\addon@minimalist.com.xpi [2017-11-17]
FF Extension: (DNS Over HTTPS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\httpdns@shield.mozilla.org.xpi [2018-06-04]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-30]
FF Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2018-06-05]
FF Extension: (ReminderFox) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\vb007v2r.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi [2017-06-27] [Legacy]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\njl9f3o4.Nightly [2018-01-26]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: (Internet Video Downloader) - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2017-03-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-18] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: jpl.nasa.gov/NASAEyes -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-02-24] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2418160549-1670195301-1622969964-1002: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-02-24] (TD Ameritrade)
StartMenuInternet: Firefox-A3710B8EBB50CD3 - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2018-06-13]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (IBM Security Rapport) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-17]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Yahoo Partner) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2018-05-05]
CHR Extension: (Share link via email) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2018-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2018-06-05]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2017-05-17]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-04]
CHR HKLM\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [122728 2018-05-25] (AOMEI Tech Co., Ltd.)
S2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [1748896 2018-04-19] (ESET)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-05] ()
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3298792 2017-11-09] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [46896 2016-12-21] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [150192 2016-12-21] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [34864 2017-09-01] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [24064 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28672 2014-07-07] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [120728 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150784 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [93688 2018-04-12] (ESET)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-06-13] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [98704 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [163576 2015-11-10] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [365496 2017-03-15] (Check Point Software Technologies Ltd.)
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 15:39 - 2018-06-13 15:51 - 000021561 _____ C:\Users\Bill\Downloads\FRST.txt
2018-06-13 15:34 - 2018-06-13 15:34 - 001773568 _____ (Farbar) C:\Users\Bill\Downloads\FRST.exe
2018-06-13 15:19 - 2018-06-13 15:20 - 000939272 _____ C:\Users\Bill\Downloads\Statement_05_22_2018.pdf
2018-06-13 13:01 - 2018-06-13 15:47 - 000000022 ____H C:\Users\Bill\Documents\Database.kdb.lock
2018-06-09 18:06 - 2018-06-09 18:06 - 000001945 _____ C:\Windows\epplauncher.mif
2018-06-09 17:55 - 2018-06-09 17:55 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-06-09 17:54 - 2018-06-09 17:55 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-06-09 17:49 - 2018-06-09 17:49 - 012231000 _____ (Microsoft Corporation) C:\Users\Bill\Downloads\mseinstall.exe
2018-06-09 02:01 - 2018-06-09 02:02 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu (2).exe
2018-06-09 02:01 - 2018-06-09 02:02 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu (1).exe
2018-06-09 01:21 - 2018-06-09 01:21 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu(1).exe
2018-06-08 20:23 - 2018-06-08 20:24 - 006981240 _____ (ESET spol. s r.o.) C:\Users\Bill\Downloads\esetonlinescanner_enu.exe
2018-06-08 19:52 - 2018-06-08 19:52 - 004279416 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer(4).exe
2018-06-08 16:12 - 2018-06-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-08 16:12 - 2018-06-08 16:12 - 000000000 ____D C:\ProgramData\ESET
2018-06-08 16:12 - 2018-06-08 16:12 - 000000000 ____D C:\Program Files\ESET
2018-06-08 16:05 - 2018-06-08 16:05 - 004279416 _____ (ESET) C:\Users\Bill\Downloads\eset_nod32_antivirus_live_installer(3).exe
2018-06-08 15:19 - 2018-06-08 15:19 - 001090168 _____ (ESET) C:\Users\Bill\Downloads\esetuninstaller(1).exe
2018-06-05 02:34 - 2018-06-13 11:27 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-02 15:59 - 2018-06-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2018-06-02 15:54 - 2018-06-02 15:54 - 008636304 _____ (Space Sciences Laboratory, U.C. Berkeley) C:\Users\Bill\Downloads\boinc_7.10.2_windows_intelx86.exe
2018-06-02 15:48 - 2018-06-02 15:48 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-02 15:47 - 2018-06-05 02:33 - 000128736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-06-02 15:47 - 2018-06-02 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-02 15:47 - 2018-06-02 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-29 10:41 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018 - Copy.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 007050056 _____ C:\Users\Bill\Documents\weather_weekly-05-15-2018.pdf
2018-05-28 15:35 - 2018-05-28 16:26 - 003885323 _____ C:\Users\Bill\Documents\weather_weekly-05-22-2018.pdf
2018-05-28 11:54 - 2018-05-28 12:00 - 282486851 _____ C:\Users\Bill\Documents\Firefox 60.0.1 (x86 en-US) - 2018-05-28.pcv
2018-05-25 17:28 - 2018-05-25 17:28 - 000001024 ____H C:\SYSTAG.BIN
2018-05-25 17:28 - 2018-05-25 17:28 - 000000000 ____D C:\System Backup(1)
2018-05-25 17:26 - 2018-06-13 11:27 - 000000082 _____ C:\Windows\system32\winsevr.dat
2018-05-25 17:26 - 2018-05-25 21:51 - 000000000 ____D C:\ProgramData\AomeiBR
2018-05-25 17:26 - 2018-05-25 17:26 - 000001023 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2018-05-25 17:25 - 2018-06-13 11:27 - 000000000 ____D C:\Program Files\AOMEI Backupper
2018-05-25 17:25 - 2018-05-25 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2018-05-25 17:25 - 2017-09-01 18:12 - 000034864 _____ C:\Windows\system32\amwrtdrv.sys
2018-05-25 17:25 - 2016-12-21 22:54 - 000046896 _____ C:\Windows\system32\ambakdrv.sys
2018-05-25 17:25 - 2016-12-21 22:53 - 000150192 _____ C:\Windows\system32\ammntdrv.sys
2018-05-25 17:19 - 2018-05-25 17:21 - 054336672 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Bill\Downloads\Backupper.exe
2018-05-25 16:25 - 2018-05-25 16:25 - 000001950 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-05-25 16:25 - 2018-05-25 16:25 - 000000000 ____D C:\Program Files\Macrium
2018-05-25 16:13 - 2018-05-25 17:00 - 000000000 ____D C:\ProgramData\Macrium
2018-05-25 16:13 - 2018-05-25 16:19 - 000000000 ____D C:\Users\Bill\Downloads\Macrium
2018-05-25 16:12 - 2018-05-25 16:12 - 003758120 _____ (Paramount Software UK Ltd) C:\Users\Bill\Downloads\ReflectDLHF.exe
2018-05-25 11:08 - 2018-05-10 20:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-05-25 11:08 - 2018-05-10 20:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-05-25 11:08 - 2018-05-10 20:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-05-25 11:08 - 2018-04-06 12:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-21 12:19 - 2018-05-21 12:19 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-05-21 12:19 - 2018-05-21 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-21 12:13 - 2018-05-21 12:18 - 000000000 ____D C:\Program Files\iTunes
2018-05-15 16:16 - 2018-05-15 16:16 - 000000913 _____ C:\Users\Public\Desktop\Anki.lnk
2018-05-15 16:14 - 2018-05-15 16:15 - 029616771 _____ C:\Users\Bill\Downloads\anki-2.0.51.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 15:40 - 2016-11-16 14:57 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2018-06-13 15:39 - 2016-04-20 14:31 - 000000000 ____D C:\FRST
2018-06-13 15:28 - 2016-04-22 11:51 - 000000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2018-06-13 11:36 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 11:36 - 2009-07-14 00:34 - 000014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 11:26 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 11:25 - 2017-11-22 14:59 - 000000000 ____D C:\Program Files\Nightly
2018-06-13 11:25 - 2014-05-13 20:02 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-06-12 21:55 - 2014-05-14 16:25 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Kodi
2018-06-12 15:46 - 2016-05-03 12:17 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 15:46 - 2016-05-03 12:17 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-12 11:10 - 2016-12-04 12:20 - 000000000 ____D C:\Users\Bill\Documents\Beigebook
2018-06-10 22:22 - 2014-12-21 09:35 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Anki2
2018-06-09 16:03 - 2017-03-16 18:52 - 000000000 ____D C:\Users\Bill\AppData\Roaming\ArcSoft
2018-06-09 16:03 - 2015-08-09 15:10 - 000000000 ____D C:\Users\Bill\AppData\Roaming\KeePass
2018-06-09 16:03 - 2015-07-04 11:01 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2018-06-09 16:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\registration
2018-06-09 16:03 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-06-09 13:42 - 2014-09-24 17:12 - 000000000 ____D C:\Users\Bill\AppData\Local\Adobe
2018-06-09 13:39 - 2014-05-14 10:52 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-06-09 13:39 - 2014-05-14 10:52 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-06-09 13:39 - 2014-05-14 10:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-08 21:43 - 2014-05-14 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\ESET
2018-06-08 15:57 - 2016-04-27 11:38 - 001030346 _____ C:\Windows\ntbtlog.txt
2018-06-07 22:38 - 2014-11-10 07:01 - 000000000 ____D C:\Users\Bill\Documents\BankofAmerica
2018-06-02 15:54 - 2014-05-16 08:55 - 000000000 ____D C:\Windows\Downloaded Installations
2018-06-02 15:39 - 2015-10-22 09:58 - 000015196 _____ C:\Users\Bill\Documents\Database.kdb
2018-05-25 19:01 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\rescache
2018-05-23 19:09 - 2014-05-14 15:24 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2018-05-23 08:37 - 2017-02-08 22:11 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-05-22 11:35 - 2017-05-20 09:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-21 12:18 - 2017-09-14 22:04 - 000000000 ____D C:\Program Files\iPod
2018-05-16 23:45 - 2015-04-16 11:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 16:16 - 2014-12-21 01:18 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2018-05-15 16:16 - 2014-12-21 01:18 - 000000000 ____D C:\Program Files\Anki

==================== Files in the root of some directories =======

2016-02-27 20:16 - 2016-02-27 20:16 - 000000000 ____H () C:\Users\Bill\AppData\Local\BITB7D9.tmp
2014-05-14 15:23 - 2014-05-14 15:23 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2016-04-29 09:45 - 2016-04-29 09:51 - 000000000 _____ () C:\Users\Bill\AppData\Local\{9A81729D-FD6F-4398-B9EF-A67153513C44}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 02:50

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06.06.2018 01
Ran by Bill (13-06-2018 15:53:01)
Running from C:\Users\Bill\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2002-01-01 08:29:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2418160549-1670195301-1622969964-500 - Administrator - Disabled)
Bill (S-1-5-21-2418160549-1670195301-1622969964-1002 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-2418160549-1670195301-1622969964-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2418160549-1670195301-1622969964-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
AOMEI Backupper Standard (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0C2DA7BB-67D2-4F9E-A80F-EC59037F9F9A}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.12 - AT&T)
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2008178128.48.56.3875682 - Audible, Inc.)
BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
BOINC (HKLM\...\{8BE0340D-F2C8-45AE-B136-117169FEF98B}) (Version: 7.10.2 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 5.1.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG5700 series User Registration (HKLM\...\Canon MG5700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Emulator Starter (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\32bce9526e87661e) (Version: 1.0.0.141 - Free Game Empire)
ESET Security (HKLM\...\{E567E054-DD31-4608-ACB3-A89658672639}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FOREXTraderPro (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\1df0cdb088182ccc) (Version: 3.2.0.27 - FOREXTraderPro)
Free MP3 Cutter 2.1 (HKLM\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
FXCM Trading Station (HKLM\...\{494367EC-82A9-4C0D-A788-74A967998E8C}) (Version: 111313 - FXCM) Hidden
FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
GoGear VIBE Device Manager (HKLM\...\{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}) (Version: 01.06 - Philips)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{4BEA72D4-63AB-4720-8E6B-95986802CD41}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JOSM 13053 (HKLM\...\JOSM) (Version: 13053 - OpenStreetMap JOSM team)
KeePass Password Safe 1.35 (HKLM\...\KeePass Password Safe_is1) (Version: 1.35 - Dominik Reichl)
Kodi (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\Kodi) (Version:  - XBMC-Foundation)
Learn To Speak Spanish 8.1 (HKLM\...\Learn To Speak Spanish 8.1) (Version:  - )
LG United Mobile Drivers (HKLM\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
Macrium Reflect Free Edition (HKLM\...\{5E2785E5-B964-4771-B037-642F9B5F4304}) (Version: 7.1.3196 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Media Converter for Philips (HKLM\...\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}) (Version: 2.5.2.231 - ArcSoft)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla A Team - mozregression-gui - regression range finder for Mozilla nightly and inbound builds (HKLM\...\Mozilla A Team mozregression-gui) (Version:  - "Mozilla A Team")
Mozilla Firefox 60.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x86 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.0.6737 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nightly 62.0a1 (x86 en-US) (HKLM\...\Nightly 62.0a1 (x86 en-US)) (Version: 62.0a1 - Mozilla)
Node.js (HKLM\...\{C6249A36-0049-4492-9E4E-1DDD819ED0EA}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{5EF918B8-5E04-4DB2-98CE-A0EAD834CD99}) (Version: 5.0.10 - Oracle Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SSA Benefit Calculator (HKLM\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.17.0001 - Social Security Administration)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Visual MP3 Splitter & Joiner 9.1 (HKLM\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 15.0.653.17211 - Check Point)
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll => No File
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1001_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkorswim\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> C:\Users\Bill\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-2418160549-1670195301-1622969964-1002_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkorswim\nptossc.dll (TD Ameritrade)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D6D764-20BD-451A-A9CC-6F998ABBB013} - System32\Tasks\{7885DD0E-5774-4C45-830E-4C1C0A82095D} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\uninstall.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {1A170C42-1087-4C4C-A830-5C98D1FC34CA} - System32\Tasks\{195763AC-E88D-438C-AC41-D8E4019922F5} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Candleworks\FXTS2\PackageInstaller.exe" -d "D:\Program Files\Candleworks\FXTS2"
Task: {3C845A57-6CB0-4070-BA5B-58AC308643F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D7B50E8-B041-4D75-99A1-89C467D2336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {581A306E-8CAF-4778-A5BB-BA743F7C8234} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {669958E6-9BD7-4BA3-930B-44064394C2D3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {670B73DA-7476-43CA-8AC7-96AF7DBFD24F} - System32\Tasks\{8C91B3E4-ACDF-4D96-A31E-90640E226FAA} => "d:\my documents\firefox\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {763D5137-BEA8-4A41-A32C-CC6F62270A04} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {76E90059-73A8-43C7-9F25-611FFD0336C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {8E6482E0-C5AC-4827-852C-D0416771016E} - System32\Tasks\Process Explorer-User-PC-Bill => C:\USERS\BILL\DESKTOP\PROCEXP.EXE [2014-10-24] (Sysinternals - www.sysinternals.com)
Task: {A7EF5846-548E-4247-9D52-FAAE5D057CB3} - System32\Tasks\{B270F1A5-6A6E-4541-B6AA-B7CD8ACC1C16} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2018-06-05] (Malwarebytes)
Task: {B92833B5-DE72-4858-841F-E54D8921AF60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC697D85-1CDF-4C41-BA11-04EDCEC52432} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {D08F5256-1FAF-46D1-96EE-6C8133B07451} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {EE8D1B4E-1847-459B-90EA-F0C3CA141366} - System32\Tasks\{2AC29BEB-AD66-4753-A31F-4FFB1F4B78FE} => D:\OLD HARD DRIVE\Program Files\iTunes\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bill\Desktop\run_guiguts.bat - Shortcut.lnk -> D:\OLD HARD DRIVE\DP\guiguts-win-1.0.24\run_guiguts.bat ()

ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2014-05-13 08:37 - 2015-01-30 20:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000974696 _____ () C:\Program Files\AOMEI Backupper\UiLogic.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\diskmgr.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000335720 _____ () C:\Program Files\AOMEI Backupper\Comn.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000089968 _____ () C:\Program Files\AOMEI Backupper\Ldm.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000073584 _____ () C:\Program Files\AOMEI Backupper\Device.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000298856 _____ () C:\Program Files\AOMEI Backupper\BrFat.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000978792 _____ () C:\Program Files\AOMEI Backupper\BrNtfs.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000139112 _____ () C:\Program Files\AOMEI Backupper\FuncLogic.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000339816 _____ () C:\Program Files\AOMEI Backupper\Clone.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000360304 _____ () C:\Program Files\AOMEI Backupper\ImgFile.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000040808 _____ () C:\Program Files\AOMEI Backupper\Encrypt.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000081776 _____ () C:\Program Files\AOMEI Backupper\Compress.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrVol.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000266096 _____ () C:\Program Files\AOMEI Backupper\GptBcd.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000175984 _____ () C:\Program Files\AOMEI Backupper\FlBackup.dll
2018-05-25 17:25 - 2018-05-25 17:26 - 000499568 _____ () C:\Program Files\AOMEI Backupper\EnumFolder.dll
2018-05-25 17:25 - 2018-05-25 17:25 - 000188272 _____ () C:\Program Files\AOMEI Backupper\DeviceMgr.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000126832 _____ () C:\Program Files\AOMEI Backupper\Backup.dll
2018-05-25 17:25 - 2018-05-25 17:27 - 000724840 _____ () C:\Program Files\AOMEI Backupper\Sync.dll
2018-05-25 17:25 - 2018-05-25 17:24 - 000114536 _____ () C:\Program Files\AOMEI Backupper\BrLog.dll
2018-05-25 17:25 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files\AOMEI Backupper\QtCore4.dll
2016-06-10 15:25 - 2016-02-05 09:53 - 000387144 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2018-06-02 15:47 - 2018-06-05 02:33 - 001930960 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-08 08:07 - 2018-04-08 08:07 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:08 - 2018-04-08 08:08 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2013-10-17 16:48 - 2013-10-17 16:48 - 000190976 _____ () D:\Program Files\BOINC\zlib1.dll
2018-04-08 08:05 - 2018-04-08 08:05 - 000189752 _____ () C:\Program Files\iTunes\libxslt.dll
2018-03-01 15:06 - 2018-03-01 16:47 - 053285888 _____ () D:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\rosetta_4.07_windows_intelx86.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7879 more sites.


There are 7879 more sites.


There are 7879 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-16 12:06 - 2016-03-22 12:29 - 000450452 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15484 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2418160549-1670195301-1622969964-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ekrn => 2
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: ZoneAlarm => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEB43404-0826-4510-9A4E-D0CFE8B19568}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8489109D-937C-40A7-B434-951338F7BC36}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E49C742A-EACE-4D9A-BC41-1977E3FAF3FF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F91F8C79-A7E6-40F4-BA03-6AD8D15B4A5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAD217DB-2040-44BA-A457-BDC36CCFFD54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5BEB976-7E5E-4EFA-AB05-899A2AD4DF3F}] => (Allow) D:\My Documents\Firefox\Mozilla Firefox\firefox.exe
FirewallRules: [{32028FDA-2124-44F4-872E-8046875A3526}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B11CA1B-6D6B-495A-AD84-A3563B3AF471}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB4EF68D-A6B8-4E23-9DEA-65DB62DB088B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{20375D5B-D894-4C81-B356-421B111FC0CB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD04B4C4-44FA-4617-A9BA-6A68E3AB7FBA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BAC6521-A14F-4C25-9EEB-941A2DD4142B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2E68D5ED-C3AB-477C-8ADB-02A3D30EF3DE}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{17EEDD81-2FD8-42A6-97FA-8F995C147926}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F82ED1E5-99EC-48B4-B90A-1896F1C06F7C}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F63B029F-216E-46A2-ADC8-1FA9E485DC1E}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

==================== Restore Points =========================

09-06-2018 14:29:00 Restore Operation
09-06-2018 18:06:59 Windows Update
10-06-2018 19:03:36 Windows Backup
13-06-2018 11:50:40 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2018 03:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KeePass.exe, version: 1.35.0.0, time stamp: 0x5a4b59b4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0049c188
Faulting process id: 0x1a3c
Faulting application start time: 0x01d403381e4d2478
Faulting application path: C:\Program Files\KeePass Password Safe\KeePass.exe
Faulting module path: unknown
Report Id: e3d5edd8-6f3f-11e8-b039-001d923b8f1d

Error: (06/11/2018 10:18:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Kodi.exe version 17.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 258c

Start Time: 01d401f232908728

Termination Time: 0

Application Path: C:\Program Files\Kodi\Kodi.exe

Report Id: 7c54b929-6de6-11e8-b12e-001d923b8f1d

Error: (06/10/2018 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 62.0.0.6735, time stamp: 0x5b1d0ef0
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x010f7b52
Faulting process id: 0x10cc
Faulting application start time: 0x01d40137e217c668
Faulting application path: C:\Program Files\Nightly\plugin-container.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: 521f4f08-6d2b-11e8-865a-001d923b8f1d

Error: (06/10/2018 07:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 62.0.0.6735, time stamp: 0x5b1d09c6
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x011c7b57
Faulting process id: 0x214
Faulting application start time: 0x01d4010ee0f91c38
Faulting application path: C:\Program Files\Nightly\firefox.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: ce655248-6d02-11e8-865a-001d923b8f1d

Error: (06/10/2018 06:49:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 62.0.0.6735, time stamp: 0x5b1d0ef0
Faulting module name: xul.dll, version: 62.0.0.6735, time stamp: 0x5b1d0ede
Exception code: 0x80000003
Fault offset: 0x010f7b52
Faulting process id: 0x1414
Faulting application start time: 0x01d400e70f700928
Faulting application path: C:\Program Files\Nightly\plugin-container.exe
Faulting module path: C:\Program Files\Nightly\xul.dll
Report Id: 90158c58-6d00-11e8-865a-001d923b8f1d

Error: (06/09/2018 04:06:40 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed BOINC.). Additional information: 0x80070005.

Error: (06/09/2018 03:12:56 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (06/09/2018 02:48:09 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.


System errors:
=============
Error: (06/13/2018 12:55:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (06/13/2018 11:26:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/13/2018 11:26:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.

Error: (06/13/2018 11:25:04 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (06/13/2018 05:00:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (06/12/2018 01:16:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/12/2018 01:15:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/12/2018 01:13:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E2B3C97F-6AE1-41AC-817A-F6F92166D7DD} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2016-10-25 02:31:02.344
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{E02F107A-A9E7-4D0F-8405-8970E827D07C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-24 02:40:32.550
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{46A85C4F-F4A3-473A-9A85-C783BC8D4674}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:49:45.936
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6CB5E68C-1BC4-49B6-B0FC-459F1BD1408D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-10-23 23:27:53.676
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{D47A48F7-5331-48FE-A70E-7632C0240543}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-08-07 22:30:39.876
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{6E9D46DA-F714-491D-957B-B94F671ED1F6}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-01-06 11:39:22.385
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 11:39:22.151
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.13804.0
Previous Engine Version:
Update Source:Signature Update Folder
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-01-06 10:44:56.470
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2018-01-06 10:44:56.299
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.251.468.0
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Full
Current Engine Version:1.1.13804.0
Previous Engine Version:
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 80%
Total physical RAM: 3007.43 MB
Available physical RAM: 579.56 MB
Total Virtual: 6013.21 MB
Available Virtual: 3356.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:250.86 GB) (Free:132.83 GB) NTFS
Drive d: (DATA) (Fixed) (Total:214.8 GB) (Free:45.74 GB) NTFS
Drive f: (DATA DRIVE  (Remember to BACKUP)) (Fixed) (Total:396.22 GB) (Free:56.28 GB) NTFS

\\?\Volume{fc352f24-fe8f-11d5-a60e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6B4876E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 61D26694)
Partition 1: (Not Active) - (Size=396.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:43 AM

Posted 13 June 2018 - 09:32 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::

ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
End::


  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Go to the Control panel and remove all programs related to Zone Alarm. Restart and give it a try.

 

Let me know the outcome.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 16 June 2018 - 12:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#4 JSntgRvr


Posted 16 June 2018 - 03:28 PM

Sent Today, 10:15 AM
https://www.bleepingcomputer.com/forums/t/679046/cannot-start-eset-antivirus-or-windows-defender/?hl=%2Beset#entry4511437

Please reopen. Feverish last night. Went to bed 8 pm. Made a point to get back up around midnight and try to get this done but had to go back to bed.

Ran it when I got up today.

Fix result of Farbar Recovery Scan Tool (x86) Version: 06.06.2018 01
Ran by Bill (16-06-2018 09:39:30) Run:1
Running from C:\Users\Bill\Downloads
Loaded Profiles: UpdatusUser & Bill (Available Profiles: UpdatusUser & Bill)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ZoneAlarm Firewall (HKLM\...\{F21C5C41-E759-472F-B5AE-501AC583B693}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM\...\{06F804D0-A69C-423A-8F77-A158EA7DF295}) (Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden

*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F21C5C41-E759-472F-B5AE-501AC583B693}\\SystemComponent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06F804D0-A69C-423A-8F77-A158EA7DF295}\\SystemComponent" => removed successfully.

==== End of Fixlog 09:39:35 ====

Uninstalled ZoneAlarm.

Eset still not loading on startup.

Thank you.

Bill

 

 

Please also remove Spybot - Search & Destroy, as it will interfere with our fixes.

 

Rescan with FRST and post new reports.

  • Double-click to run it.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.






