Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2019 01 Ran by Merlin (14-06-2019 23:44:57) Running from C:\Users\Merlin\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-07-30 20:14:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2540028857-2120196535-4242731766-500 - Administrator - Enabled) => C:\Users\Administrator.HOME-FLGILMORE2 Guest (S-1-5-21-2540028857-2120196535-4242731766-501 - Limited - Enabled) Merlin (S-1-5-21-2540028857-2120196535-4242731766-1000 - Administrator - Enabled) => C:\Users\Merlin ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security Online (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8} FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K Video Downloader 4.7 (HKLM\...\{AC1A4B11-192E-45F2-A205-D3BF4CC8D938}) (Version: 4.7.2.2732 - Open Media LLC) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated) Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe) AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.) Any Audio Converter 3.2.7 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) Any Video Converter 3.4.0 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.) Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.) Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.) Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1400IS_IXUS130) (Version: 1.0.0.2 - Canon Inc.) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.) Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC) e-Sword (HKLM-x32\...\{1D3D8773-56B9-44F0-ACC6-3DEA462E665F}) (Version: 11.01.0000 - Rick Meyers) Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Norton Security Online (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation) NVIDIA Graphics Driver 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Pretty Good Solitaire version 19.1 (HKLM-x32\...\Pretty Good Solitaire_is1) (Version: 19.1.0 - Goodsol Development Inc.) Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform) Strongvault Online Backup (HKLM-x32\...\{5E33D30D-D896-4D92-B033-5F45819B2937}) (Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom) TomTom HOME (HKLM-x32\...\{C51F55EC-477D-4385-B951-BDEFA5DFC90B}) (Version: 2.11.6 - TomTom) VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Merlin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2008-01-01 03:13 - 000000855 ____N C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-2540028857-2120196535-4242731766-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Merlin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\startupreg: ABNotify => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{13E3F5AD-BD81-4EE7-A77E-F9AD9B51BB3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{04D29961-17D1-4854-AEA1-C1F96D67C369}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{90DE7E4E-6257-474D-9DC1-AD942ACC336C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A754F708-05F6-45F1-8B37-CA877CF3CB37}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6DE4BD18-90C6-489B-8D23-EDC2E11227C1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3B3E5A85-B4F0-47D9-88D9-4811AC2FEE3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AEE38E3F-EAC3-4B78-9794-8DBFAAC4BF38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D4EC57D4-1853-42B2-9825-5A0DFC9BE001}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{1A80CE13-9633-42BB-A055-EB6E7F061328}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F45878C0-46A5-4887-A1AD-430D1362E01C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6AEF93D7-E1B6-4994-9AD5-610EE9305640}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CEE54A90-C13E-4A0E-8D48-4FCEF2640376}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) ==================== Restore Points ========================= 09-06-2019 19:00:13 Windows Backup 12-06-2019 07:38:54 Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 12-06-2019 07:40:02 Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 12-06-2019 09:56:23 Windows Update 14-06-2019 23:08:14 Removed Java 8 Update 144 14-06-2019 23:10:44 Removed Java 8 Update 144 (64-bit) 14-06-2019 23:13:16 Removed Java 8 Update 211 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (06/14/2019 11:33:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error: (06/14/2019 11:32:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AOMEI Backupper Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/14/2019 11:32:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the AOMEI Backupper Scheduler Service service to connect. ==================== Memory info =========================== BIOS: Phoenix Technologies, LTD ASUS M2A-VM ACPI BIOS Revision 1705 03/28/2008 Motherboard: ASUSTeK Computer INC. M2A-VM Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ Percentage of memory in use: 61% Total physical RAM: 6142.49 MB Available physical RAM: 2386.49 MB Total Virtual: 12283.13 MB Available Virtual: 7875.28 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:616.27 GB) (Free:491.46 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (New Volume) (Fixed) (Total:315.24 GB) (Free:224.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0F0919B2) Partition 1: (Active) - (Size=616.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=315.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================