Re: Win 7 SP1 x64 update fails on configuring after reboot
Here you go! If it makes any difference, computer is still in clean boot mode.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by networkadmin (administrator) on SAFETY12 (31-10-2017 06:59:05)
Running from C:\Users\networkadmin\Desktop
Loaded Profiles: networkadmin (Available Profiles: User1 & networkadmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "F:\PortableApps\FirefoxPortable\App\Firefox\firefox.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4159136 2016-03-04] (ESET)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Startup: C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableRoboForm - Shortcut.lnk [2016-04-21]
ShortcutTarget: PortableRoboForm - Shortcut.lnk -> F:\PortableRoboForm.exe (No File)
Startup: C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start - Shortcut.lnk [2016-04-21]
ShortcutTarget: Start - Shortcut.lnk -> F:\Start.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{538756DD-C3B5-4184-99D7-61401E05D8F4}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{E35E72A9-0F22-43F0-A3DD-F9ABBF804AD0}: [DhcpNameServer] 10.0.0.2
Internet Explorer:
==================
HKU\S-1-5-21-462157724-132793273-1689201830-1142\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-462157724-132793273-1689201830-1142\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-462157724-132793273-1689201830-1142\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {AFF5B857-0960-4089-A2EE-1CDBDEC676FC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AFF5B857-0960-4089-A2EE-1CDBDEC676FC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {AFF5B857-0960-4089-A2EE-1CDBDEC676FC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AFF5B857-0960-4089-A2EE-1CDBDEC676FC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-462157724-132793273-1689201830-1142 -> DefaultScope {CFE7F79D-1373-49B5-A762-FF8269FF74F4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS490
SearchScopes: HKU\S-1-5-21-462157724-132793273-1689201830-1142 -> {AFF5B857-0960-4089-A2EE-1CDBDEC676FC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS490
SearchScopes: HKU\S-1-5-21-462157724-132793273-1689201830-1142 -> {CFE7F79D-1373-49B5-A762-FF8269FF74F4} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS490
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-03-17] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-22] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-03-17] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll [2011-07-08] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-22] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-03-17] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-03-17] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-462157724-132793273-1689201830-1142 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://72.201.173.195:8090/aplugLite.cab
DPF: HKLM-x32 {D012C710-86E2-4797-ACA5-DE142834E295} hxxp://78321395.cam.trendnetcloud.com/devices/clients/ActiveX/1_0_1_4212/TRENDnetCloud.cab
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-05-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2017-02-15] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @TRENDnet.com/CameraPlugin -> C:\Program Files (x86)\TRENDnet\npcamstreamctrl.dll [2015-10-12] (TRENDnet)
FF Plugin-x32: @trendnet.com/trendnetcloud -> C:\Program Files (x86)\TRENDnet\npTRENDnetCloud.dll [2015-10-12] (TRENDnet)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - F:\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-12-06]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-12-06]
StartMenuInternet: Google Chrome.BAPNUZEHPKMRCE4IJXFXQ2DMZ4 - C:\Users\andy\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
S4 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [53408 2016-03-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1059880 2016-03-04] (ESET)
S4 ESHASRV; C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [200864 2016-03-04] (ESET)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) [File not signed]
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S4 IDriveService; C:\Program Files (x86)\IDriveWindows\idwservice_600.exe [182872 2013-06-14] ()
S4 IDWAdmin; C:\Program Files (x86)\IDriveWindows\idwadminsrv.exe [125528 2013-06-14] ()
S4 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-12] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149664 2017-07-12] (Electronic Arts)
S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2015-09-02] (CyberLink)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S4 SwOffScheduler; C:\Users\andy\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
S4 SwOffWeb; C:\Users\andy\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
S4 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S4 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2015-10-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S3 Bulk1628; C:\windows\System32\Drivers\Bulk1628.sys [17792 2009-10-20] (SunPlus)
S3 ca1628UVCav; C:\windows\System32\Drivers\ca1628UVCav.sys [2453504 2011-01-11] (Digital Camera)
R3 CLMirrorDriver; C:\windows\System32\DRIVERS\CLMirrorDriver.sys [21264 2016-11-10] (CyberLink)
S3 DisplayLinkUsbIo_x64; C:\windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [58640 2016-09-03] ()
S3 dlcdcncm; C:\windows\System32\DRIVERS\dlcdcncm62_x64.sys [91920 2015-10-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\windows\System32\DRIVERS\dlusbaudio_x64.sys [229648 2015-10-16] (DisplayLink Corp.)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [248024 2015-09-11] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [183016 2013-04-09] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [179544 2015-07-14] (ESET)
R2 epfwwfpr; C:\windows\System32\DRIVERS\epfwwfpr.sys [170768 2015-07-14] (ESET)
S3 FlashUSB; C:\windows\System32\DRIVERS\FlashUSB.sys [19968 2014-01-22] (Intel Mobile Communications)
S3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [111336 2016-09-26] (GenesysLogic)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-03] (REALiX(tm))
R3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [56384 2016-09-26] (NVIDIA Corporation)
R3 S6000KNT; C:\windows\System32\Drivers\S6000KNT.sys [3564568 2016-09-26] (Windows (R) Win 7 DDK provider)
R3 toshidpt; C:\windows\System32\drivers\Toshidpt.sys [10232 2012-08-01] (TOSHIBA Corporation.)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [X]
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [X]
S3 LGELTEBus; system32\DRIVERS\LGELTEBus.sys [X]
S3 LGELTEmdm; system32\DRIVERS\LGELTEmdm.sys [X]
S3 LGELTEMux; system32\DRIVERS\LGELTEMux.sys [X]
S3 LGELTENdis; system32\DRIVERS\LGELTENdis.sys [X]
S3 LGELTEprt; system32\DRIVERS\LGELTEprt.sys [X]
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-31 06:59 - 2017-10-31 06:59 - 000019976 _____ C:\Users\networkadmin\Desktop\FRST.txt
2017-10-31 06:58 - 2017-10-31 06:59 - 000000000 ____D C:\FRST
2017-10-31 06:41 - 2017-10-31 06:41 - 002403328 _____ (Farbar) C:\Users\networkadmin\Desktop\FRST64.exe
2017-10-30 14:31 - 2017-10-30 14:31 - 000000000 ____H C:\Users\networkadmin\Documents\Default.rdp
2017-10-27 10:08 - 2017-10-27 10:08 - 000054434 _____ C:\Users\andy\Desktop\Referrals Hart Doc.pdf
2017-10-27 10:07 - 2017-10-27 10:07 - 000051748 _____ C:\Users\andy\Desktop\94e94e89-e5c7-41f8-b1e1-9fdaa2143416-000001.pdf
2017-10-25 12:40 - 2017-10-25 12:47 - 000000000 ____D C:\Users\andy\Desktop\New folder
2017-10-25 09:09 - 2017-10-25 09:11 - 011707497 _____ C:\Users\networkadmin\Desktop\COMPONENTS.zip
2017-10-22 17:12 - 2017-10-22 17:11 - 000110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2017-10-19 09:39 - 2017-10-19 09:39 - 000084196 _____ C:\Users\andy\Desktop\Sorbogem Crystalline Sorbitol NF FCC All Grades - Ingredion - 2014-05-07.pdf
2017-10-18 14:28 - 2017-10-18 14:28 - 000047943 _____ C:\Users\andy\Desktop\416cbfac-1767-4cb7-ba68-fc2b9a790e8d-000001.pdf
2017-10-18 08:22 - 2017-10-18 08:22 - 774614994 _____ C:\windows\MEMORY.DMP
2017-10-18 08:22 - 2017-10-18 08:22 - 000262144 _____ C:\windows\Minidump\101817-36348-01.dmp
2017-10-13 14:10 - 2017-10-13 14:11 - 435513784 _____ (ON1) C:\Users\andy\Downloads\ON1_Effects_10.5.1_Free.exe
2017-10-13 08:44 - 2017-10-13 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-10-13 08:26 - 2017-10-13 08:26 - 000000000 ____D C:\ddc70a2d2b2cdec6cf79331287a5
2017-10-10 11:32 - 2017-10-10 11:33 - 200268366 _____ C:\Users\networkadmin\Desktop\CBS.zip
2017-10-10 11:32 - 2017-10-10 11:32 - 000000000 ___HD C:\Users\networkadmin\Desktop\CBS
2017-10-10 11:31 - 2017-10-10 11:31 - 000001316 _____ C:\Users\networkadmin\Desktop\SFCFix.txt
2017-10-10 10:26 - 2017-10-10 10:26 - 000000000 ____D C:\Users\networkadmin\AppData\Local\Garmin_Ltd._or_its_subsid
2017-10-10 10:26 - 2017-10-10 10:26 - 000000000 ____D C:\Users\networkadmin\AppData\Local\CEF
2017-10-10 08:05 - 2017-10-10 09:56 - 000065998 _____ C:\windows\woubak-winlogon.reg
2017-10-10 08:05 - 2017-10-10 09:56 - 000002700 _____ C:\windows\woubak-system-policies.reg
2017-10-10 07:27 - 2017-10-13 08:44 - 000003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2017-10-10 07:26 - 2013-02-14 23:08 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\wecsvc.dll
2017-10-10 07:26 - 2013-02-14 23:08 - 000088576 _____ (Microsoft Corporation) C:\windows\system32\wecapi.dll
2017-10-10 07:26 - 2013-02-14 20:53 - 000113152 _____ (Microsoft Corporation) C:\windows\system32\wecutil.exe
2017-10-10 07:26 - 2013-02-14 19:54 - 000080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\wecutil.exe
2017-10-10 07:26 - 2013-02-14 19:54 - 000058368 _____ (Microsoft Corporation) C:\windows\SysWOW64\wecapi.dll
2017-10-10 06:43 - 2017-10-10 06:43 - 000000041 _____ C:\windows\woubak-pwrscheme-temp.txt
2017-10-10 06:43 - 2017-10-10 06:43 - 000000041 _____ C:\windows\woubak-pwrscheme-act.txt
2017-10-09 15:28 - 2017-10-09 15:28 - 000000000 ____D C:\Users\networkadmin\Desktop\wsusoffline1102
2017-10-09 15:27 - 2017-10-09 15:28 - 002331902 _____ C:\Users\networkadmin\Desktop\wsusoffline1102.zip
2017-10-09 10:53 - 2017-10-10 11:31 - 000000000 ____D C:\SFCFix
2017-10-09 10:43 - 2017-10-10 11:31 - 000000000 ____D C:\Users\networkadmin\AppData\Local\niemiro
2017-10-09 10:42 - 2017-10-09 10:42 - 002884096 _____ (niemiro) C:\Users\networkadmin\Desktop\SFCFix.exe
2017-10-09 10:02 - 2017-10-09 10:04 - 564744309 _____ C:\Users\networkadmin\Desktop\Windows6.1-KB947821-v34-x64.msu
2017-10-09 08:39 - 2017-10-09 08:39 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-09 08:24 - 2017-10-09 08:24 - 000000000 ____D C:\Users\User1\AppData\Roaming\HandBrake
2017-10-06 10:25 - 2017-10-06 10:25 - 017092411 _____ C:\Users\User1\Desktop\Windows6.1-KB3110329-x64.msu
2017-10-06 10:25 - 2017-10-06 10:25 - 017092411 _____ C:\Users\networkadmin\Desktop\Windows6.1-KB3110329-x64.msu
2017-10-06 09:46 - 2017-10-06 09:46 - 000000000 ____D C:\Users\User1\AppData\Local\ArcSoft
2017-10-06 09:22 - 2017-10-06 09:22 - 000000000 ____D C:\Users\User1\AppData\Local\ElevatedDiagnostics
2017-10-06 09:20 - 2017-10-03 09:09 - 564744309 _____ C:\Users\User1\Desktop\SURT.msu
2017-10-06 09:19 - 2017-08-23 07:54 - 000313366 _____ C:\Users\User1\Desktop\WindowsUpdate.diagcab
2017-10-06 08:59 - 2017-10-06 08:59 - 000000000 ____D C:\Users\User1\AppData\Roaming\Zeon
2017-10-06 08:59 - 2017-10-03 10:47 - 000001122 _____ C:\Users\User1\Desktop\reset.cmd
2017-10-06 08:58 - 2017-10-06 08:58 - 000000000 ____D C:\Users\User1\AppData\Local\NVIDIA Corporation
2017-10-06 08:57 - 2017-10-06 08:57 - 000000000 ____D C:\Users\User1\Documents\Bluetooth
2017-10-06 08:57 - 2017-10-06 08:57 - 000000000 ____D C:\Users\User1\AppData\Local\NVIDIA
2017-10-06 08:57 - 2017-10-06 08:57 - 000000000 ____D C:\Users\User1\AppData\Local\Google
2017-10-03 10:47 - 2017-10-03 10:47 - 000001122 _____ C:\Users\networkadmin\Desktop\reset.cmd
2017-10-03 10:46 - 2017-10-03 10:46 - 000000000 ____D C:\Program Files (x86)\Windows Resource Kits
2017-10-03 10:45 - 2017-10-03 10:45 - 000379392 _____ C:\Users\networkadmin\Desktop\subinacl.msi
2017-10-03 09:12 - 2017-10-03 09:09 - 564744309 _____ C:\Users\networkadmin\Desktop\SURT.msu
2017-10-03 08:54 - 2017-10-03 08:54 - 000000000 ____D C:\Users\networkadmin\AppData\Local\ElevatedDiagnostics
2017-10-03 08:53 - 2017-08-23 07:54 - 000313366 _____ C:\Users\networkadmin\Desktop\WindowsUpdate.diagcab
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-31 06:56 - 2016-02-02 12:04 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d15dec894f43d3.job
2017-10-31 06:56 - 2015-12-07 06:03 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d130efbb5d0130.job
2017-10-31 06:56 - 2015-09-17 10:04 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f16aee43fded.job
2017-10-31 06:56 - 2015-09-01 09:03 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e4cfc87774cc.job
2017-10-31 06:56 - 2015-05-19 07:04 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0923caa881f55.job
2017-10-31 06:56 - 2015-02-05 05:58 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d04143631e2c14.job
2017-10-31 06:56 - 2012-06-09 19:29 - 000000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-31 06:55 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-10-31 06:49 - 2015-02-16 09:48 - 000000508 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-462157724-132793273-1689201830-1178.job
2017-10-31 06:36 - 2015-12-04 09:26 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d12eb089666e33.job
2017-10-31 06:36 - 2015-09-17 10:04 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f16aee6a13f2.job
2017-10-31 06:35 - 2012-06-09 19:29 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-31 06:34 - 2016-02-02 12:04 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d15dec898864da.job
2017-10-31 06:34 - 2016-02-02 11:31 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d15de7ff93b9ff.job
2017-10-31 06:34 - 2015-12-07 06:03 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d130efbb87d9f5.job
2017-10-31 06:34 - 2015-09-18 08:26 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0f2266a6deade.job
2017-10-31 06:34 - 2015-09-01 09:03 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e4cfc89d8ad0.job
2017-10-31 06:34 - 2015-07-16 07:11 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0bfd143053a8b.job
2017-10-31 06:34 - 2015-06-19 09:44 - 000000604 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-462157724-132793273-1689201830-1178.job
2017-10-31 06:34 - 2015-05-19 07:04 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0923caaabd3f9.job
2017-10-31 06:34 - 2015-05-15 06:10 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d08f108f575119.job
2017-10-31 06:34 - 2015-02-05 05:58 - 000000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d04143633d1df8.job
2017-10-31 06:34 - 2015-02-04 06:05 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0407b301f1e75.job
2017-10-31 06:34 - 2014-11-12 13:20 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1cffeb62299cabb.job
2017-10-31 06:34 - 2013-12-24 10:42 - 000000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA.job
2017-10-30 14:52 - 2009-07-13 21:45 - 000039552 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-30 14:52 - 2009-07-13 21:45 - 000039552 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-30 14:40 - 2009-07-13 20:20 - 000000000 ___HD C:\windows\inf
2017-10-30 14:29 - 2013-01-14 08:54 - 000000000 ___HD C:\windows\pss
2017-10-30 14:26 - 2014-04-10 10:02 - 000000000 ___HD C:\Program Files (x86)\IDriveWindows
2017-10-30 11:44 - 2016-03-31 08:50 - 000799866 _____ C:\windows\SysWOW64\PerfStringBackup.TMP
2017-10-30 11:44 - 2012-07-06 09:46 - 000000000 ____D C:\ProgramData\TEMP
2017-10-30 11:36 - 2015-12-04 09:26 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d12eb0893b956e.job
2017-10-30 11:29 - 2012-07-05 15:54 - 000000000 ____D C:\Users\andy\AppData\Roaming\vlc
2017-10-30 09:31 - 2015-09-18 08:26 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0f22666731de9.job
2017-10-30 09:17 - 2012-07-05 10:19 - 000000000 ___RD C:\Users\andy\working on
2017-10-30 08:31 - 2015-07-16 07:11 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0bfd142b62f03.job
2017-10-30 08:20 - 2011-11-24 20:04 - 000000000 ___HD C:\windows\SysWOW64\Macromed
2017-10-30 08:15 - 2016-02-02 11:31 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d15de7ff667fda.job
2017-10-27 08:23 - 2017-09-19 13:46 - 000000000 ____D C:\Users\andy\Desktop\Destiny Springs
2017-10-25 09:14 - 2014-08-25 13:04 - 000000000 ____D C:\Users\networkadmin\AppData\Local\Eraser 6
2017-10-25 07:16 - 2015-05-15 06:10 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d08f108f35fdd5.job
2017-10-25 06:15 - 2015-02-04 06:05 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0407b30052dd2.job
2017-10-25 06:10 - 2013-12-24 10:42 - 000000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core.job
2017-10-22 23:23 - 2014-08-12 12:55 - 000000000 ____D C:\ProgramData\Origin
2017-10-22 17:16 - 2014-08-12 12:56 - 000000000 ____D C:\Users\andy\AppData\Roaming\Origin
2017-10-22 17:13 - 2014-08-06 06:06 - 000000000 ___HD C:\Program Files (x86)\Java
2017-10-22 17:13 - 2014-01-15 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-22 17:13 - 2013-10-21 07:43 - 000000000 ____D C:\ProgramData\Oracle
2017-10-22 17:12 - 2016-01-25 06:30 - 000000000 ____D C:\Program Files\Java
2017-10-22 17:11 - 2016-01-25 06:31 - 000110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-10-22 17:11 - 2014-08-06 06:06 - 000097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-22 00:32 - 2013-05-28 13:53 - 000000000 ____D C:\Users\andy\AppData\Roaming\TS3Client
2017-10-21 21:34 - 2013-05-28 13:24 - 000000000 ____D C:\Users\andy\AppData\Local\TeamSpeak 3 Client
2017-10-19 14:23 - 2017-09-14 08:32 - 000000000 ____D C:\Users\andy\Desktop\Silica Program
2017-10-19 10:15 - 2017-07-20 08:39 - 000000000 ____D C:\Users\andy\Desktop\Raytheon MPB
2017-10-18 08:22 - 2013-10-23 13:27 - 000000000 ___HD C:\windows\Minidump
2017-10-17 14:25 - 2016-12-30 12:01 - 000000000 ____D C:\Users\andy\AppData\Local\IE Tab
2017-10-17 09:20 - 2016-06-27 11:08 - 000000000 ___RD C:\Users\andy\Desktop\Active Jobs
2017-10-16 14:44 - 2017-08-02 14:28 - 000000000 ____D C:\Users\andy\Desktop\INS
2017-10-16 10:08 - 2017-04-06 14:07 - 000004464 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-16 10:08 - 2014-12-16 13:10 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-10-16 10:08 - 2014-12-16 13:10 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-16 10:08 - 2014-08-21 21:40 - 000000000 ____D C:\Users\andy\AppData\Local\Adobe
2017-10-16 10:08 - 2012-07-13 06:13 - 000000000 ___HD C:\windows\system32\Macromed
2017-10-15 22:36 - 2013-06-21 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-15 12:29 - 2014-08-12 12:55 - 000000000 ____D C:\Program Files (x86)\Origin
2017-10-13 14:12 - 2016-04-05 13:20 - 000000000 ____D C:\Users\andy\AppData\Roaming\EQATEC Analytics
2017-10-13 14:02 - 2012-07-06 10:12 - 000001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2017-10-13 14:02 - 2012-07-06 10:12 - 000000000 ___HD C:\Program Files\Paint.NET
2017-10-13 13:23 - 2012-07-05 09:07 - 000000000 ____D C:\Users\andy
2017-10-13 12:51 - 2009-07-13 20:20 - 000000000 ___HD C:\windows\system32\spool
2017-10-13 09:37 - 2014-08-25 05:40 - 000799866 _____ C:\windows\system32\PerfStringBackup.TMP
2017-10-13 09:34 - 2017-07-13 16:09 - 000000000 ____D C:\Program Files (x86)\GoToMeeting
2017-10-13 09:34 - 2015-06-19 09:44 - 000003624 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-462157724-132793273-1689201830-1178
2017-10-13 09:34 - 2015-02-16 09:48 - 000003528 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-462157724-132793273-1689201830-1178
2017-10-13 08:45 - 2013-07-18 10:00 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-13 08:44 - 2012-10-27 14:42 - 000000000 ___HD C:\Program Files (x86)\Garmin
2017-10-13 08:43 - 2012-07-05 09:09 - 000071416 _____ C:\Users\andy\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-09 15:01 - 2012-06-29 08:57 - 000071416 _____ C:\Users\networkadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-09 08:24 - 2012-06-29 08:44 - 000071416 _____ C:\Users\User1\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-06 08:57 - 2014-08-14 09:04 - 000000000 ____D C:\Users\User1\AppData\Roaming\Adobe
2017-10-06 08:57 - 2012-06-29 08:43 - 000001424 _____ C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-06 08:57 - 2012-06-29 08:43 - 000000000 ____D C:\Users\User1\AppData\Local\TOSHIBA
2017-10-03 12:12 - 2009-07-13 22:08 - 000032552 ____H C:\windows\Tasks\SCHEDLGU.TXT
2017-10-03 12:07 - 2009-07-13 20:20 - 000000000 ___HD C:\windows\system32\catroot2x
2017-10-03 11:02 - 2009-07-13 21:45 - 000326352 ____H C:\windows\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2014-05-05 08:38 - 2014-05-03 20:38 - 000000044 ____H () C:\Program Files (x86)\7337007b.tmp
2014-01-13 09:07 - 2016-01-07 10:21 - 000018851 _____ () C:\ProgramData\DVRClient.log
2016-01-07 10:20 - 2016-01-07 10:20 - 000000717 _____ () C:\ProgramData\DVRServer.log
2014-01-13 09:08 - 2014-01-28 13:37 - 001049025 _____ () C:\ProgramData\DVRServerMediaDevices_.log
2013-03-13 10:09 - 2017-01-01 16:15 - 000001534 _____ () C:\ProgramData\ss.ini
Files to move or delete:
====================
C:\Users\andy\swoff.exe
C:\Users\andy\Uninstall.exe
Some files in TEMP:
====================
2017-10-17 15:27 - 2017-10-22 17:16 - 000212992 _____ (Sony DADC Austria AG) C:\Users\andy\AppData\Local\Temp\drm_dyndata_7330017.dll
2017-10-22 17:10 - 2017-10-22 17:10 - 001856576 _____ (Oracle Corporation) C:\Users\andy\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-09 08:31 - 2017-10-09 08:31 - 071535032 _____ (Malwarebytes ) C:\Users\User1\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-30 15:23
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by networkadmin (31-10-2017 07:00:23)
Running from C:\Users\networkadmin\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-06-29 15:41:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2200001339-424787301-343160645-500 - Administrator - Disabled)
Guest (S-1-5-21-2200001339-424787301-343160645-501 - Limited - Disabled)
User1 (S-1-5-21-2200001339-424787301-343160645-1001 - Administrator - Enabled) => C:\Users\User1
WOUTempAdmin (S-1-5-21-2200001339-424787301-343160645-1004 - Administrator - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{FD868C71-6CCF-42E2-B90D-0504AB0036FE}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.4.1 - Airytec)
AlphaSmart AlphaBeam 3.2 (HKLM-x32\...\AlphaSmart AlphaBeam 3.2) (Version: - )
ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apowersoft Free Screen Recorder V1.1.5 (HKLM-x32\...\{4EFA42DB-E4EC-4537-9DF3-5158D08A9785}_is1) (Version: 1.1.5 - Apowersoft)
ArcSoft Perfect365 (HKLM-x32\...\{5B5E949E-3924-45E3-9229-84E8270BED68}) (Version: 1.8.0.3 - ArcSoft, Inc.)
Aslain's WoT Modpack version 9.20.0.03 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.20.0.03 - Aslain)
Aslain's XVM WoT Modpack version 9.15.28 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 9.15.28 - Aslain)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
Baidu WiFi Hotspot (HKLM-x32\...\Baidu WiFi Hotspot) (Version: 5.1.4.124910 - Baidu, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Command & Conquer 3 Tiberium Warsâ„¢ (HKLM-x32\...\{CAC9DCAF-0EA8-442C-97EA-CA6F5755390A}) (Version: 1.0.0.0 - Electronic Arts)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2820.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{DF3F0788-16F0-4894-9748-677409D69100}) (Version: 7.9.630.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{9784DFBE-6A06-42B9-B973-87CF60174D76}) (Version: 7.6.55102.0 - DisplayLink Corp.)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.94.0 - DxO Labs)
DxO Optics Pro 8 (HKLM\...\{ECC28C7D-ABF5-4ED1-9B29-6D48BC218393}) (Version: 8.5.0 - DxO Labs)
Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
ESET Endpoint Antivirus (HKLM\...\{5ECEEEEF-B81B-4385-B056-A3B6914B2C70}) (Version: 5.0.2260.1 - ESET, spol. s r.o.)
ezcap Video Grabber (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.1.1 - Somagic)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Free CUDA Movie Converter 4.3.1 (HKLM-x32\...\Free CUDA Movie Converter_is1) (Version: - TopCUDA Soft, Inc.)
Freemake Video Converter version 3.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.0.2 - Ellora Assets Corporation)
FreeRIP 4.0 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.0 - GreenTree Applications SRL)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Drive (HKLM-x32\...\{AC117AF9-316B-4E1D-959E-F0EB85B0DC5F}) (Version: 2.34.7100.0000 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GX-2009 (HKLM-x32\...\{C92D9C5E-BDA7-4AE3-9EE4-8C1D4A7C3293}) (Version: 1.1.0.97 - )
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HitFilm 2 Express (HKLM\...\{A6E81EFB-2A19-4B5B-8C48-D4E5DB3AD547}) (Version: 2.0.2522.46168 - FXhome)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
iLinc 11 Client (HKLM-x32\...\iLincClient.11) (Version: - )
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Inpaint 4.7 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
ManyCam 3.1.59 (HKLM-x32\...\ManyCam) (Version: 3.1.59 - ManyCam LLC)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Research Cliplets (HKLM\...\{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}) (Version: 1.1.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Morgan Multimedia Motion JPEG Codec 3.0.0.9 (HKLM-x32\...\Morgan Multimedia Motion JPEG Codec_is1) (Version: 3.0.0.9 - Morgan Multimedia)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Nuance PDF Converter Professional 7 (HKLM\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM-x32\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OMC ModPack Client version 1.5.1.210 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.5.1.210 - Odem Mortis)
ON1 Effects Free 10 (HKLM\...\ON1 Effects Free 10) (Version: 10.1.0 - ON1)
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PingPlotter Standard 3.42.3s (HKLM-x32\...\{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}) (Version: 3.42.3.6 - Nessoft, LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6360 - Realtek Semiconductor Corp.)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
Samsung i-Launcher 1.0.1.57 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.57 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Securence Outlook 2010 Add-In (HKLM-x32\...\{8A258FA6-B80F-4AD3-A3E1-BD91F88F891D}) (Version: 2.13.0201 - Securence)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.9 - NVIDIA Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
SiFEU 0.9 (HKLM-x32\...\SiFEU 0.9) (Version: - )
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
SPCA1628 PC Driver (HKLM-x32\...\{5F1C7F21-AB33-4362-BCEE-6E0FD1EDC6D8}) (Version: 1.2.0.0 - Icatch)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52 (HKLM-x32\...\{8F311E2E-C275-4CF0-8154-B63991832668}_is1) (Version: v2012.build.52 - eRightSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tiberium Wars 9 In 1 Map Pack (HKLM-x32\...\{5324CA8A-2EA3-4491-ACA3-982AD231B8C8}) (Version: 2.0.0.9 - Tim)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA USB Display Drivers (HKLM\...\{BC0EEA2E-6557-4CBD-ACD9-4F59952761F9}) (Version: 6.1.35912.0 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.30 - TOSHIBA Corporation)
TRENDnetCloud Plugin (HKLM-x32\...\{63FE1F13-E737-467C-ADF3-CCBFE5EED10F}) (Version: 1.1.4212 - TRENDnet)
TRENDnetVIEW Pro 2.3.4 (HKLM-x32\...\DVRServer.Application_is1) (Version: 2.3.4 - TRENDnet)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS 2008 CRT Package (HKLM-x32\...\{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}) (Version: 1.1.0 - Microsoft)
WatchGuard Mobile VPN with SSL client 11.10.4 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version: - WatchGuard)
WebCam (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.22.23.106 - Alcor)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Essentials Media Codec Pack 4.0 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 4.0.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Wisdom-soft Set up ASR 3.1 Free (HKLM-x32\...\Wisdom-soft Set up ASR 3.1 Free) (Version: - Wisdom Software Inc.)
Wondershare Video Editor(Build 3.5.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-462157724-132793273-1689201830-1142_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => -> No File
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-03-04] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [IBContextMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\idcontext64.dll [2013-01-24] ()
ContextMenuHandlers1: [PDFC7.ShellExtension] -> {877327F4-8A93-4320-932C-338069C27BEA} => C:\Program Files (x86)\Nuance\PDF Professional 7\ShellExt70.dll [2011-09-09] (Nuance Communications, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDF Professional 7\bin\DirectShellExt.dll [2010-07-16] (Zeon International Investment Corp. )
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-03-04] (ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [IBContextMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\idcontext64.dll [2013-01-24] ()
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers4: [IBContextMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\idcontext64.dll [2013-01-24] ()
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-06-27] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2015-02-05] (NVIDIA Corporation)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-03-04] (ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B5FF150-F1E4-47A5-A7E7-A5C867A64AD5} - System32\Tasks\GoogleUpdateTaskMachineUA1d04143633d1df8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1164EAEC-5E97-4E08-A038-9A77A8B02F1E} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab9674fc3837 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {12D997B6-9530-4F34-B77C-8891267DDF85} - System32\Tasks\{30CC794C-7865-4D23-B1CE-87B60AB9D8A5} => C:\windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {14353E53-1AE5-46A0-9B28-38707175C2F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0e4caa1bed86a => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {16188D9D-67DB-4B72-A1D2-8A528CC36824} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0407b301f1e75 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {195E26F2-2DF8-4E14-ADF2-A4E393085DAD} - System32\Tasks\GoogleUpdateTaskMachineUA1d130efbb87d9f5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1B35F0DC-7034-4E94-BB98-F27B2A5373C0} - System32\Tasks\GoogleUpdateTaskMachineCore1d04143631e2c14 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1C79E337-7B14-4BA0-83D9-6C8D0A666B5D} - System32\Tasks\{6673B227-EF04-4CFD-9526-CD9F7782B6DA} => C:\windows\system32\pcalua.exe -a D:\1520驱动\SPCA1520_V1200_WHQL.exe -d D:\1520驱动
Task: {2351C306-697E-4E99-9BFB-45EE1319D71B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab9674cefe12 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {24CCF0DB-E842-4ECB-A5EC-134EB24C1F49} - System32\Tasks\GoogleUpdateTaskMachineCore1d130efbb5d0130 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2ACE64DC-AC17-4EFF-B95E-115669833D9B} - System32\Tasks\G2MUploadTask-S-1-5-21-462157724-132793273-1689201830-1178 => C:\Program Files (x86)\GoToMeeting\7759\g2mupload.exe [2017-10-13] (LogMeIn, Inc.)
Task: {34F5EEE3-2C5B-40F6-BA1B-0049FECA6D74} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f16aee43fded => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {35BCC796-A87C-4AA0-9507-D82D36991E47} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-03-17] (Siber Systems)
Task: {35D80110-2208-42BA-A103-B3B1ABC58555} - System32\Tasks\GoogleUpdateTaskMachineUA1d15dec898864da => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3851BBC7-7BD7-4D93-9C7F-569BBEDB0FD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0f22666731de9 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3ADCE40C-6681-49E3-A869-E85B308DF851} - System32\Tasks\G2MUpdateTask-S-1-5-21-462157724-132793273-1689201830-1178 => C:\Program Files (x86)\GoToMeeting\7759\g2mupdate.exe [2017-10-13] (LogMeIn, Inc.)
Task: {3C9A7A7D-E39D-4AC6-BEBF-C925D8277717} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3D8D8CFE-8D61-4A53-8075-708AD95673AC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e4cfc89d8ad0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {42B0F76E-2FE9-43A4-BD52-A9C75922A70C} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bfd0381d0a6f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {4910CB23-59B2-46FA-BB05-D3671F5D730E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {4A0C3168-2E3E-46A6-9350-C8E649991041} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d15de7ff93b9ff => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {4E9E9DB7-0405-4574-A4F8-71D4393BCED0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0bfd142b62f03 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6230CFB5-F534-432F-A0A9-0D1122E4B4E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d12eb089666e33 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6558FA0A-69EC-449C-8388-726ABC5F96E3} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {65F981A9-CC84-4BD8-95A4-3CE69B1BC41D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {67DA7E47-60F2-465C-8B04-FD1C8D1F51FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0bfd143053a8b => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6B4E189C-C4AD-4B2E-84D4-8F934EAB0839} - System32\Tasks\ShouldIRemoveIt => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-13] (Reason Software Company Inc.)
Task: {76C70952-3BEB-4894-8B73-5EAE92C70136} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0f2266a6deade => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8DA65BBC-BEE2-41D8-BD87-B3430A58AF8E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d08f108f35fdd5 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {9881C415-DF44-43AF-83ED-B322778CE99C} - System32\Tasks\GoogleUpdateTaskMachineUA1d0923caaabd3f9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {9AD5A5C9-AE02-486D-B3D9-F00BA944D799} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {A32D2B88-B2C3-44DA-851E-67F5BAEAF139} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-03-17] (Siber Systems)
Task: {A62870A5-B32E-4382-86D7-BF29A0120FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e4cfc87774cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A7EF1DB2-E264-44E4-A0DB-72C3453A6B99} - System32\Tasks\Open URL by RoboForm => C:\windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMPMMJNJKJJJNJIMJJCNOJJMIMNMCNLMLMPMOMCNNJNJMMOMCNGMOMLMJMJJOMIMOJJMMMPMMJJNJICMIMCNGMCNNMHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMJMJMJNHICMEKMICNJJCKJNBJCMOJBJLJGIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMJ (the data entry has 50 more characters).
Task: {ABF1E247-D419-4703-BF95-773FA7372806} - System32\Tasks\Baidu LiveUpdate => C:\Program [Argument = Files (x86)\Baidu WiFiHotspot\liveupdate.exe]
Task: {AD43B04B-473D-4E24-8F73-74D18D07D7DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d12eb0893b956e => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B32F4898-CADA-4F3F-8427-FE075828A2A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d1ab973c818917 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B5E3B227-6F3C-4B40-9893-6D3578746D1F} - System32\Tasks\GoogleUpdateTaskMachineCore1d0923caa881f55 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B910956A-48FC-4F48-A53D-1964A4432891} - System32\Tasks\{176C4663-B32D-45BC-B745-3D98B8A39FCD} => C:\windows\system32\pcalua.exe -a C:\Users\andy\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {BF3B48BD-3183-4D34-BEAA-EB49FF9B1912} - System32\Tasks\GoogleUpdateTaskMachineCore1d15dec894f43d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {BFADC804-2DBB-47BD-9B2B-AE81299ADD9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d15de7ff667fda => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C57B52FA-0110-4631-AA7D-9AAD5A4BE7A8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {CBEE004E-0A2F-428B-B5ED-4675430E9CAB} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f16aee6a13f2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CDD78BA7-83A6-49AF-B5BC-2E95057EAED6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {D132AE19-5027-49D7-9EB5-8F49CCE36C1D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D2BEBC8E-F634-4D1F-B97C-48F4E9EDD101} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d08f108f575119 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {DF1541BE-C478-42D9-BD0A-1F916F79E594} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0407b30052dd2 => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E2E8660C-505D-4B5D-8244-F49F8CCE61E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d1ab973c5d109e => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E4D37C12-68EB-4412-B747-D079C282ACC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1cffeb62299cabb => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E5F8733F-7B4F-4DAD-B888-19FFAAABC26F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {F220A7DE-5A2F-4349-9B20-296059EA8DA1} - System32\Tasks\CCleanerSkipUAC => F:\PortableApps\CCleanerPortable\CCleaner.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-462157724-132793273-1689201830-1178.job => C:\Program Files (x86)\GoToMeeting\7759\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-462157724-132793273-1689201830-1178.job => C:\Program Files (x86)\GoToMeeting\7759\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d04143631e2c14.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0923caa881f55.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfd0381d0a6f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e4cfc87774cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f16aee43fded.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d130efbb5d0130.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d15dec894f43d3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d04143633d1df8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0923caaabd3f9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e4cfc89d8ad0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f16aee6a13f2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d130efbb87d9f5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d15dec898864da.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0407b30052dd2.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d08f108f35fdd5.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0bfd142b62f03.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d0f22666731de9.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d12eb0893b956e.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178Core1d15de7ff667fda.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1cffeb62299cabb.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0407b301f1e75.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d08f108f575119.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0bfd143053a8b.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0e4caa1bed86a.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d0f2266a6deade.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d12eb089666e33.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-462157724-132793273-1689201830-1178UA1d15de7ff93b9ff.job => C:\Users\andy\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-04-10 10:02 - 2013-01-24 21:43 - 000560640 ____H () C:\Program Files (x86)\IDriveWindows\idcontext64.dll
2012-06-09 19:12 - 2015-02-05 14:01 - 000012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-06-09 19:12 - 2015-02-05 14:01 - 000011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\ProgramData\TEMP:0574215C [239]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [242]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com ->
www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com ->
www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com ->
www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com ->
www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com ->
www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com ->
www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com ->
www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com ->
www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com ->
www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info ->
www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com ->
www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com ->
www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com ->
www.123simsen.com
There are 7866 more sites.
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\008k.com ->
www.008k.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\00hq.com ->
www.00hq.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\0scan.com ->
www.0scan.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\1-2005-search.com ->
www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\1-domains-registrations.com ->
www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\1000gratisproben.com ->
www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\1001namen.com ->
www.1001namen.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\100sexlinks.com ->
www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\10sek.com ->
www.10sek.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\123fporn.info ->
www.123fporn.info
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\123haustiereundmehr.com ->
www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\123moviedownload.com ->
www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-462157724-132793273-1689201830-1142\...\123simsen.com ->
www.123simsen.com
There are 7866 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2015-05-21 07:31 - 000450771 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1
www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1
www.008k.com
127.0.0.1 008k.com
127.0.0.1
www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1
www.032439.com
127.0.0.1 032439.com
127.0.0.1
www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1
www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1
www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1
www.100888290cs.com
127.0.0.1
www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1
www.10sek.com
127.0.0.1
www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1
www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1
www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1
www.123moviedownload.com
There are 15465 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-462157724-132793273-1689201830-1142\Control Panel\Desktop\\Wallpaper -> C:\Users\networkadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: ADExchange => 2
MSCONFIG\Services: DisplayLinkService => 2
MSCONFIG\Services: DragonSvc => 2
MSCONFIG\Services: EhttpSrv => 3
MSCONFIG\Services: ESHASRV => 3
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: Garmin Device Interaction Service => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriveService => 2
MSCONFIG\Services: IDWAdmin => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Leawo_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PDFProFiltSrv => 2
MSCONFIG\Services: RemoteMouseService => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SwOffScheduler => 2
MSCONFIG\Services: SwOffWeb => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: wgsslvpnsrc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" -atRestart
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: Malwarebytes Anti-Malware => "F:\PortableApps\Malwarebytes Anti-Malware\BusinessMessaging.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: S6000Mnt => \C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{65A2E6AC-D18B-4114-87AF-6C31FB2C5BCF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B3C1348D-1FCF-4A2D-8FC4-054DE17C3013}] => (Allow) LPort=2869
FirewallRules: [{502874DE-29C0-4D15-904D-40E1C85A4D93}] => (Allow) LPort=1900
FirewallRules: [{73071957-29E6-4D31-9818-2FABF7ED31D8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DC60DC09-9AE0-445B-87BA-C3452DD3D368}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BAB90C1F-1C3F-46E0-A16D-35290D89A681}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5E8AA309-D8E1-4BD3-9AF1-7104453D5748}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{E10155D2-EAE8-4C97-98D2-511B282A7BA8}C:\program files (x86)\trendnet\trendnetview pro\dvrserver.exe] => (Allow) C:\program files (x86)\trendnet\trendnetview pro\dvrserver.exe
FirewallRules: [UDP Query User{B22F5612-DA99-42DB-A79F-74109E192C9C}C:\program files (x86)\trendnet\trendnetview pro\dvrserver.exe] => (Allow) C:\program files (x86)\trendnet\trendnetview pro\dvrserver.exe
FirewallRules: [TCP Query User{01AA458E-7768-40E4-A201-9CE6E5A5EB9D}F:\portableapps\firefoxportable\app\firefox\plugin-container.exe] => (Allow) F:\portableapps\firefoxportable\app\firefox\plugin-container.exe
FirewallRules: [UDP Query User{F4852A8C-BA5E-47E1-A5D7-7F3DBE70F098}F:\portableapps\firefoxportable\app\firefox\plugin-container.exe] => (Allow) F:\portableapps\firefoxportable\app\firefox\plugin-container.exe
FirewallRules: [TCP Query User{F1D308FC-98BD-4FB0-8FE4-BD9E8909875F}E:\portableapps\paxgalaxia\paxgal.exe] => (Allow) E:\portableapps\paxgalaxia\paxgal.exe
FirewallRules: [UDP Query User{BDA157A3-DE4A-4316-A82B-BA8D6ABF4CDB}E:\portableapps\paxgalaxia\paxgal.exe] => (Allow) E:\portableapps\paxgalaxia\paxgal.exe
FirewallRules: [TCP Query User{6C5B82CA-275B-4071-B10E-7EA99C2C99A4}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{72343B96-1FFD-46A4-8918-368BA63428F1}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [TCP Query User{A8564B8A-707A-4C2B-9D29-6093625C45D5}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{F24C18C0-EDD2-4B6D-8604-D6F3CFE11909}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{DC65E122-A6B3-4026-AF4B-95E2B8499839}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{858C5A5E-1B4E-457F-AB1E-FD4992933D3B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F997751E-DCA6-42B1-B762-76FCCE7456AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{94FA4A58-7440-4DA2-A186-00DBAA8138AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{604BB9B1-BC0F-494F-B1E8-CCFD9F383794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{592C2546-CB9F-4844-A994-10CFCF89D77A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{5123E674-A4BB-45EC-9BE0-ACF9A7243439}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{C165F9C6-F43A-454E-9FB9-8B07255A9130}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{FB5A57FD-A016-44D9-AFF9-2CE6D19CC9F8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B395A048-E6C7-4DD9-9B3A-CCDFFC7E1276}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{9B4EDBDD-1AB2-42C9-8FCD-7232515B9FEE}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [UDP Query User{D4BD701F-9CC6-42B5-9134-C39FBE40F953}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{295F9834-E096-4443-9FDA-860EE5E7D9E7}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{6875B5A7-1F15-45A6-BB89-8339CD934CAA}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [TCP Query User{7495C93A-2096-4715-9D23-57C0DB7FEA65}C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe] => (Allow) C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe
FirewallRules: [UDP Query User{8988CD7F-B597-41AC-9737-0C66EF5F42F9}C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe] => (Allow) C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe
FirewallRules: [TCP Query User{99650AE8-1DE9-4F9A-BDEC-C65A8BC0D2F3}F:\portableapps\firefoxportable\app\firefox\firefox.exe] => (Allow) F:\portableapps\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{5598881D-2835-49DE-8975-B5216C26BAC3}F:\portableapps\firefoxportable\app\firefox\firefox.exe] => (Allow) F:\portableapps\firefoxportable\app\firefox\firefox.exe
FirewallRules: [{981D8239-2495-4ACF-9E7C-751F16C31E5A}] => (Block) F:\portableapps\firefoxportable\app\firefox\firefox.exe
FirewallRules: [{7D403D48-7929-4763-80AB-A08100AB58D6}] => (Block) F:\portableapps\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{80B50BAA-5FC4-45BE-A13B-B469B3228B8A}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [UDP Query User{80CF532B-2BB8-45D7-9912-CBA38CEF94ED}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [TCP Query User{528AF29A-BC45-434F-9E22-8B03B3C3DEF3}C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe] => (Block) C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe
FirewallRules: [UDP Query User{2886DB97-DBC8-4A31-8710-8125BA509B91}C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe] => (Block) C:\users\andy\appdata\local\apps\2.0\w6nv51xz.re0\qyk05hp4.m3a\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\mobile buddy.exe
FirewallRules: [TCP Query User{A0A1C570-5A7F-4441-9F1B-01EB8C50AF96}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{ADF47EE6-B28A-4696-8226-6B7B712A4E0A}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{23612BF6-9FDF-4AF0-8A8B-0CA1B6B11992}C:\program files\on1\on1 effects free 10\on1 effects free 10.exe] => (Allow) C:\program files\on1\on1 effects free 10\on1 effects free 10.exe
FirewallRules: [UDP Query User{27E34EBF-D6F3-49A7-9A80-82EBC64A2CBE}C:\program files\on1\on1 effects free 10\on1 effects free 10.exe] => (Allow) C:\program files\on1\on1 effects free 10\on1 effects free 10.exe
FirewallRules: [{62610D3C-09C4-4D9E-BBED-CE43ECCDCB4F}] => (Block) C:\program files\on1\on1 effects free 10\on1 effects free 10.exe
FirewallRules: [{69232E69-8727-4B49-9A87-5A126B8841EB}] => (Block) C:\program files\on1\on1 effects free 10\on1 effects free 10.exe
FirewallRules: [{98A63191-04AD-463B-A0BB-077A5DCA152C}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [{CCDE7EFF-3BED-43AC-9B2E-C611AAD58F2D}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
FirewallRules: [TCP Query User{9F9A7810-E16E-4A00-B5B9-8413A044F543}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [UDP Query User{C07F8DD3-A7E0-4838-A087-A9D4D2D64ED3}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [{2DCC74C7-69BE-48A0-81DD-FE0B72B4EC3B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{164E3F7C-F572-441C-B2A2-A7B2B598187F}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{F08C93CE-F5E9-4A2A-82A7-2DA1D7168415}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{CF8AE202-9F87-407F-8403-A02B50E5476B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{BA61870A-9784-415D-8B17-7C9B747B50C4}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [UDP Query User{0AE848DB-9FCB-4F02-B496-982BC6BD096C}C:\program files\onone software\perfect effects 9\perfect effects 9.exe] => (Allow) C:\program files\onone software\perfect effects 9\perfect effects 9.exe
FirewallRules: [{A72FDD7B-1CE8-4FA5-A356-B3DE9BE76D4B}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{37A386F2-D493-4A2B-8D22-EE63B774D257}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{24F74FA3-63B0-4FAB-836A-62043632D525}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{AC1CFDFF-3857-4EEE-B81E-E2AFE7E207D5}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{8044FEEA-83D0-4F44-BEDB-347DC9077E33}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{B5CC5AC4-BC31-412A-8035-E7920B9E1E42}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{7FD42D43-B329-44E9-A03D-438CC6428434}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{E51EBD29-8095-4D99-A022-02DD49632C53}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{31CC8E96-8035-4C33-AAB7-675F93A99442}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{3AB969D0-9C66-4783-891A-0A90C44B3BDD}] => (Allow) C:\Users\andy\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{E77DA4D1-884E-46ED-9D2C-ED733685540B}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{4FF524E1-248E-4C21-910F-31A49A7BF485}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe
FirewallRules: [{F91AC017-006B-45BD-8E29-A68AEA76E55C}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe
FirewallRules: [{69A724CD-40B0-4BD1-8D58-30E055236167}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe
FirewallRules: [{44284FE3-9DB1-4AD7-BACC-2C2AF92FBBBB}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe
FirewallRules: [TCP Query User{CFED644D-4DDF-4CE7-9F6A-724602730246}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{7E984B79-9BA1-4F34-BA69-9D00FEC95516}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{8AD1A8B1-2001-4A50-AE5E-62A4C1031662}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{AC33E547-D9AC-4528-8B37-1A78148941B6}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{547E1D93-2264-4AA7-A54A-22F5F805BF05}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{0DAAD679-6AA8-42CE-93BD-AA2C1A04D043}F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) F:\portableapps\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{17ADA1A6-2CBB-44FF-8BBB-40564991B53B}] => (Allow) C:\Users\andy\AppData\Local\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
30-10-2017 14:34:04 Windows Update
31-10-2017 06:35:23 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/31/2017 06:55:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/31/2017 06:52:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/30/2017 02:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/30/2017 02:42:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/30/2017 02:31:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/30/2017 02:26:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/30/2017 11:44:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: )
Description: Installing the performance counter strings for service Outlook (Outlook) failed. The first DWORD in the Data section contains the error code.
Error: (10/30/2017 11:44:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3013) (User: )
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.
Error: (10/30/2017 11:23:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: )
Description: Installing the performance counter strings for service Outlook (Outlook) failed. The first DWORD in the Data section contains the error code.
Error: (10/30/2017 11:23:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3013) (User: )
Description: Unable to update the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (10/31/2017 06:57:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (10/31/2017 06:56:57 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1110) (User: HACI)
Description: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
Error: (10/31/2017 06:56:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Error: (10/31/2017 06:56:04 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY)
Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
Error: (10/31/2017 06:53:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Error: (10/31/2017 06:52:58 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY)
Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
Error: (10/31/2017 06:34:34 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1110) (User: HACI)
Description: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
Error: (10/30/2017 02:48:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 2017-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038777).
Error: (10/30/2017 02:48:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
Error: (10/30/2017 02:48:10 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY)
Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
CodeIntegrity:
===================================
Date: 2016-05-24 17:55:11.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:56.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:56.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:56.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:41.592
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:41.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-10-31 12:32:41.539
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dlumd9.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 26%
Total physical RAM: 8099.76 MB
Available physical RAM: 5934.36 MB
Total Virtual: 16197.71 MB
Available Virtual: 13880.64 MB
==================== Drives ================================
Drive c: (TI106348W0B) (Fixed) (Total:594.7 GB) (Free:313.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Data) (Network) (Total:840 GB) (Free:82.35 GB) NTFS
Drive j: () (Network) (Total:299.9 GB) (Free:194.71 GB) NTFS
Drive m: () (Network) (Total:199.9 GB) (Free:55.96 GB) NTFS
Drive n: () (Network) (Total:299.9 GB) (Free:194.71 GB) NTFS
Drive p: (Data) (Network) (Total:840 GB) (Free:82.35 GB) NTFS
Drive r: () (Network) (Total:199.9 GB) (Free:55.96 GB) NTFS
Drive x: () (Network) (Total:199.9 GB) (Free:55.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 854931EA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=594.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================