Windows 7 hasn't updated since 2015. I found Malware using Total AV, b


#1
akeener11

Hi everyone, new guy here. I decided to run a third party scan on my PC after I began to see a lot of ads pop up on my personal PC. My kids use it more so than I these days. I used a program called Total AV. It found these items: Ibryte.bxop, um.exe, lwks.download.32, Zip Opener Setup.exe, and Internet Explorer Cookie Tracker.

I was curious as to why Microsoft Security Essentials didn't find this stuff so I went to Microsoft for answers. While perusing there, I decided to make sure things were up to date. It told me to go to my control panel and update Windows. I was pretty sure that was up to date because MSE showed me my virus definitions are up to date. When I get to updating Windows, it tells me that I have 87 updates pending! I check the history of the updates and every single one has failed since 2015. So I try to start the update, and it will not update. It says 0% of 0kb and it has for the last 20 minutes.

I am guessing this Malware is keeping it from downloading and keeping me thinking that my MSE is up to date when it's not.

Any help you guys could give me would be greatly appreciated, and thank you to the staff and members in advance.

Kindly,

Adam Keener


#2
akeener11

I just now have seen the tutorial. I will try this first and report back. Thank you. My apologies.


#3
akeener11

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2017
Ran by Keener (administrator) on KEENER-PC (15-10-2017 10:39:34)
Running from C:\Users\Keener\Desktop
Loaded Profiles: Keener & Ethan and (Available Profiles: Keener & Ethan and)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Roblox Corporation) C:\Users\Ethan and\AppData\Local\Roblox\Versions\version-50e234c37b004e7b\RobloxPlayerBeta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\TotalAV\TotalAV.exe
() C:\Program Files (x86)\TotalAV\SecurityService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\Keener\AppData\Roaming\Update Manager\UM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Amazon Services LLC) C:\Users\Keener\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Necutray] => C:\Windows\NECUTRAY.EXE [40960 2002-08-01] (NEC Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [UM] => C:\Users\Keener\AppData\Roaming\Update Manager\UM.EXE [1620224 2017-04-30] ()
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Run: [Amazon Music] => C:\Users\Keener\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-04] (Amazon Services LLC)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\MountPoints2: {5a0cbe5b-a586-11e3-80ab-50465d0aa28b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\MountPoints2: {8e281f34-4195-11e4-a829-50465d0aa28b} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\MountPoints2: {ac2900c1-317d-11e3-9e09-50465d0aa28b} - E:\Autorun.exe /s
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322248 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\MountPoints2: {5a0cbe5b-a586-11e3-80ab-50465d0aa28b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\MountPoints2: {ac2900c1-317d-11e3-9e09-50465d0aa28b} - E:\Autorun.exe /s
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-07] ()
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => No File
Startup: C:\Users\Keener\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk [2017-10-15]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4262196293-2968505908-2180120118-1003\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 207.255.0.43 207.255.0.45
Tcpip\..\Interfaces\{1E766FDB-2605-445F-B461-DC0E5F85B3D5}: [DhcpNameServer] 207.255.0.43 207.255.0.45

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> DefaultScope {F0C40480-E303-40E3-AD89-9229164CA40D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0DtD0A0AtBzz0BtCzyyDtDtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtA0DyC0E0CtG0ByD0D0AtG0EtCtAtAtGyBtC0EyBtGyDtD0F0ByByE0E0AyBzytCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAzz0EyCyE0FyDtGtD0BtD0DtGtAtAzztDtGtDyEzz0EtGtC0BzytDzzzz0EtA0E0FtD0F2Q&cr=501040579&ir=
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M5334DA8E-2452-4DEB-B436-03337E8B5AF5&SearchSource=58&CUI=&UM=5&UP=SP58AD2E74-0814-49F7-9B17-948D019AD45B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> {F0C40480-E303-40E3-AD89-9229164CA40D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4262196293-2968505908-2180120118-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: deij28ba.default-1480018657186
FF ProfilePath: C:\Users\Keener\AppData\Roaming\Mozilla\Firefox\Profiles\deij28ba.default-1480018657186 [2017-10-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\deij28ba.default-1480018657186 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\deij28ba.default-1480018657186 -> Yahoo!
FF Keyword.URL: Mozilla\Firefox\Profiles\deij28ba.default-1480018657186 -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=440674&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-15] ()
FF Plugin-x32: @ei.RecipeHub_2j.com/Plugin -> C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll [2013-11-24] (Recipe Hub)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4262196293-2968505908-2180120118-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Keener\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default [2017-10-06]
CHR Extension: (Google Slides) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-23]
CHR Extension: (Google Docs) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-23]
CHR Extension: (Google Drive) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-23]
CHR Extension: (YouTube) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-23]
CHR Extension: (Google Sheets) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-23]
CHR Extension: (Chrome Media Router) - C:\Users\Keener\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [441704 2017-09-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 MpKsl70a4534d; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E08C7C4-2887-41C9-8ADD-D929F102D49D}\MpKsl70a4534d.sys [58120 2017-10-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-15 10:39 - 2017-10-15 10:40 - 000022287 _____ C:\Users\Keener\Desktop\FRST.txt
2017-10-15 10:37 - 2017-10-15 10:37 - 002401792 _____ (Farbar) C:\Users\Keener\Desktop\FRST64.exe
2017-10-15 10:34 - 2017-10-15 10:39 - 000000000 ____D C:\FRST
2017-10-15 10:34 - 2017-10-15 10:34 - 002401792 _____ (Farbar) C:\Users\Keener\Downloads\FRST64.exe
2017-10-15 09:18 - 2017-10-15 09:18 - 000000000 ____D C:\Users\Keener\Documents\TotalAV
2017-10-15 09:18 - 2017-10-15 09:18 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-10-15 09:16 - 2017-10-15 09:16 - 000001883 _____ C:\Users\Keener\Desktop\TotalAV.lnk
2017-10-15 09:16 - 2017-10-15 09:16 - 000001020 _____ C:\Users\Keener\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2017-10-15 09:16 - 2017-10-15 09:16 - 000000000 ____D C:\Users\Keener\AppData\Roaming\TotalAV
2017-10-15 09:15 - 2017-10-15 09:31 - 000000000 ____D C:\Program Files (x86)\TotalAV
2017-10-15 09:15 - 2017-10-15 09:15 - 008412864 _____ C:\Users\Ethan and\Downloads\TotalAV.exe
2017-09-21 16:35 - 2017-09-21 16:35 - 000014194 _____ C:\Users\Keener\Desktop\EthanStudentCouncil2017.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-15 10:40 - 2015-07-12 17:14 - 000000408 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2017-10-15 10:38 - 2009-07-14 00:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-15 10:38 - 2009-07-14 00:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-15 09:54 - 2016-11-20 17:28 - 000000000 ____D C:\Users\Keener\AppData\LocalLow\Mozilla
2017-10-15 09:54 - 2014-06-07 12:25 - 000000000 ____D C:\Users\Keener\Tracing
2017-10-15 09:54 - 2013-10-27 12:23 - 000000632 __RSH C:\Users\Keener\ntuser.pol
2017-10-15 09:54 - 2013-09-08 14:51 - 000000000 ____D C:\Users\Keener
2017-10-15 09:14 - 2016-11-20 10:31 - 000000000 ____D C:\Users\Ethan and\AppData\LocalLow\Mozilla
2017-10-15 08:59 - 2017-03-05 10:39 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-15 08:59 - 2017-01-01 23:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-15 08:59 - 2017-01-01 23:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-15 08:59 - 2013-09-08 22:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-15 08:59 - 2013-09-08 22:31 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-15 07:47 - 2016-11-20 10:44 - 000000000 ____D C:\Users\Ethan and\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-10-08 18:12 - 2013-10-27 16:03 - 000001042 _____ C:\Users\Ethan and\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-08 18:12 - 2013-09-08 14:52 - 000001042 _____ C:\Users\Keener\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-07 09:03 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-07 09:03 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-10-07 08:57 - 2013-10-27 16:03 - 000001240 __RSH C:\Users\Ethan and\ntuser.pol
2017-10-07 08:57 - 2013-10-27 16:02 - 000000000 ____D C:\Users\Ethan and
2017-10-07 08:56 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-06 11:50 - 2016-11-19 15:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-06 09:11 - 2013-09-08 13:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-06 09:00 - 2017-01-10 22:55 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-27 15:31 - 2016-11-23 17:38 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-27 15:31 - 2016-11-23 17:38 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-21 16:35 - 2015-01-25 17:40 - 000996352 ___SH C:\Users\Keener\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2016-02-21 10:34 - 2016-02-21 10:34 - 000001481 _____ () C:\Users\Keener\AppData\Local\recently-used.xbel
2016-01-28 23:49 - 2016-01-28 23:49 - 000000000 _____ () C:\Users\Keener\AppData\Local\{239323B7-99F4-405D-B124-0B7DB9F615A7}
2013-12-26 18:14 - 2013-12-26 18:14 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2013-11-14 17:49 - 2013-11-14 17:50 - 010355400 _____ () C:\Users\Keener\AppData\Local\Temp\BackupSetup.exe
2013-10-08 14:27 - 2013-10-08 14:27 - 000915368 _____ (Oracle Corporation) C:\Users\Keener\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 13:06 - 2013-12-19 13:06 - 000921512 _____ (Oracle Corporation) C:\Users\Keener\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-07-28 01:15 - 2014-07-28 01:15 - 000918440 _____ (Oracle Corporation) C:\Users\Keener\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 13:06 - 2014-09-29 13:06 - 000937896 _____ (Oracle Corporation) C:\Users\Keener\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2017-07-28 07:40 - 2017-07-28 07:41 - 000740416 _____ (Oracle Corporation) C:\Users\Keener\AppData\Local\Temp\jre-8u144-windows-au.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nsf1DAD.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nsi3C63.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nsj77D3.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nst3773.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nst7BBA.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nsy401C.exe
2014-05-29 06:58 - 2014-05-29 06:58 - 000156061 _____ (Client Connect LTD) C:\Users\Keener\AppData\Local\Temp\nsy80BA.exe
2014-06-16 16:41 - 2014-06-16 16:41 - 006691384 _____ (                                                            ) C:\Users\Keener\AppData\Local\Temp\optprosetup.exe
2017-01-07 12:05 - 2017-01-07 12:10 - 090840784 _____ () C:\Users\Keener\AppData\Local\Temp\playstv_patch.exe
2017-01-07 12:01 - 2017-01-07 12:04 - 059396240 _____ () C:\Users\Keener\AppData\Local\Temp\raptrpatch.exe
2017-01-07 12:01 - 2017-01-07 12:01 - 000221632 _____ () C:\Users\Keener\AppData\Local\Temp\raptr_stub.exe
2015-01-09 23:58 - 2015-05-07 16:58 - 001034352 _____ () C:\Users\Keener\AppData\Local\Temp\SearchProtectionSetup.exe
2014-05-12 18:04 - 2014-05-12 18:04 - 000231768 _____ (Adobe Systems Inc.) C:\Users\Keener\AppData\Local\Temp\Shockwave_Installer_FF.exe
2016-12-02 13:11 - 2015-12-29 17:34 - 008387696 _____ (Spotify Ltd) C:\Users\Keener\AppData\Local\Temp\SpotifyUninstall.exe
2013-11-14 17:50 - 2013-11-14 17:51 - 004961800 _____ (Microsoft Corporation) C:\Users\Keener\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-17 12:47

==================== End of FRST.txt ============================



#4
akeener11

    New Member

  • Topic Starter
  • Member
  • 4 posts

==================== Accounts: =============================

Administrator (S-1-5-21-4262196293-2968505908-2180120118-500 - Administrator - Disabled)
Ethan and (S-1-5-21-4262196293-2968505908-2180120118-1003 - Limited - Enabled) => C:\Users\Ethan and
Guest (S-1-5-21-4262196293-2968505908-2180120118-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4262196293-2968505908-2180120118-1005 - Limited - Enabled)
Keener (S-1-5-21-4262196293-2968505908-2180120118-1000 - Administrator - Enabled) => C:\Users\Keener

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Total AV (Disabled - Up to date) {AB73D7DB-EEDE-3CBB-CC36-E31145532EB0}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Total AV (Disabled - Up to date) {1012363F-C8E4-3335-F686-D8633ED4640D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Music (HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\Amazon Amazon Music) (Version: 5.4.1.1786 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 2.0.1 - Virgin HealthMiles)
HP Photo Creations (HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\HP Photo Creations) (Version: 1.0.0.18702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog MyOwnLeaptop Plugin (HKLM-x32\...\{76AE89CC-3E78-4927-A781-63C398329F9B}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Tag Plugin (HKLM-x32\...\{6A04826B-5056-4B0F-BD5B-1F88DCFFD9B5}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.2.0.38 - Symantec Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.17.6-r119262-release - Plays.tv, LLC)
Pokémon Trading Card Game Online (HKLM-x32\...\{E46A5439-C642-43B5-A639-107662FF9A49}) (Version: 2.25.0 - The Pokémon Company International)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Retouch Pilot Trial 3.9.3 (HKLM\...\Retouch Pilot Trial_is1) (Version: 3.9.3 - Two Pilots)
Roblox Player for Ethan and (HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Ethan and (HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Serif PagePlus Starter Edition (HKLM-x32\...\{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}) (Version: 2.0.2.009 - Serif (Europe) Ltd)
Shutterfly Express Uploader (HKLM-x32\...\{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}) (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 7.0.0.0 - Stellar Information Technology Pvt Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TotalAV (HKLM-x32\...\TotalAV) (Version: 1.35.18 - TotalAV)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog)
Video Download Capture V4.6.8 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.6.8 - Apowersoft)
Western Digital USB 2.0 Series II, Combo Drive Win98 SE Driver (HKLM-x32\...\{FBF79AB0-3A91-4D44-9772-A8FC8A3FFD70}) (Version: 1.0.03 - Western Digital Corp)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4262196293-2968505908-2180120118-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AFFC353-7726-4011-9F34-AE58B5F1583A} - System32\Tasks\HP AR Program Upload - 13098a22eb3943f5bf102d1f4473040f56e348d8c46246088f24ac8d18f37043 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {3945E711-13C4-44BA-A8E2-60E79F4F033B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {406B4A87-AD67-410C-B2DC-FFBF4AF4CCEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-15] (Adobe Systems Incorporated)
Task: {49C17870-A2ED-442F-8980-616EBDAFCFBA} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {49D31D2A-F48E-44CB-9BF0-FA8DE575CF21} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {49D31D2A-F48E-44CB-9BF0-FA8DE575CF21} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {611813FA-1B14-443B-8257-75D3FC417383} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Keener\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-16] ()
Task: {6A1DF18D-DCA0-456C-9B9A-D6962922132A} - System32\Tasks\HP AR Program Upload - 1a1df6df4eab485f8cbbee1f93911adbc1df6f3a31c74a00b6215493f6c41bff => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6D415CFF-8EA8-4203-BEA5-66230CC66435} - System32\Tasks\HP AR Program Upload - 54fc58f522c244f3853ba9007f9c8cdcc249154a83f7442592cb4f1f449efa8e => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {775E23C6-7672-4C5F-9E48-E5CFF0E911B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-23] (Google Inc.)
Task: {865E233C-BFC7-48C9-A5FC-62C1565909AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {86A41EBB-848C-4BBC-8BBC-ABFDF3D6D56A} - System32\Tasks\HP AR Program Upload - 37a5d04b28aa493ba8c432028d91a85f7971f204efb34c3699d8642ea18a17cc => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8803505E-13C2-4575-88A2-FFAB485F4B00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A2839780-192B-431D-A7E8-3018ED216899} - System32\Tasks\{67FC98C4-4063-400F-B204-9B05145F9806} => C:\Windows\system32\pcalua.exe -a C:\Users\Keener\AppData\Local\Temp\{BEF1C82D-0A79-4570-B7B8-062FE4B58B4D}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {A75E1F03-C58A-4352-B086-8B9965647178} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {A75E1F03-C58A-4352-B086-8B9965647178} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {BC090B46-7677-4EF5-82DA-1DFC6EBDF4D9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {F71D3153-3C9E-4682-95E2-101E3E51AD82} - System32\Tasks\Digital Sites => C:\Users\Keener\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Keener\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Keener\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-15 09:16 - 2017-09-25 09:28 - 002690064 _____ () C:\Program Files (x86)\TotalAV\TotalAV.exe
2017-10-15 09:16 - 2017-09-25 09:28 - 000441704 _____ () C:\Program Files (x86)\TotalAV\SecurityService.exe
2015-05-05 11:40 - 2017-04-30 11:11 - 001620224 _____ () C:\Users\Keener\AppData\Roaming\Update Manager\UM.exe
2014-07-07 09:09 - 2014-07-07 09:09 - 004302848 _____ () C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll
2014-11-24 10:46 - 2014-11-24 10:46 - 000879104 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2017-10-15 09:16 - 2017-09-25 09:24 - 000075264 _____ () C:\Program Files (x86)\TotalAV\SCAPI.dll
2017-10-15 09:16 - 2017-09-25 09:24 - 000010240 _____ () C:\Program Files (x86)\TotalAV\lib_SCAPI.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 000186368 _____ () C:\Users\Keener\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:972E3A44 [135]
AlternateDataStreams: C:\Users\Keener\Documents\fundaiser2.ppp:SummaryInformation [229]
AlternateDataStreams: C:\Users\Keener\Documents\fundaiser2.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Keener\Documents\fundraiser.pub:SummaryInformation [229]
AlternateDataStreams: C:\Users\Keener\Documents\fundraiser.pub:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Keener\Documents\FUNDRAISER1.ppp:SummaryInformation [229]
AlternateDataStreams: C:\Users\Keener\Documents\FUNDRAISER1.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Keener\Documents\fundraiser2.pub:SummaryInformation [229]
AlternateDataStreams: C:\Users\Keener\Documents\fundraiser2.pub:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4262196293-2968505908-2180120118-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Keener\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4262196293-2968505908-2180120118-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ethan and\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 207.255.0.43 - 207.255.0.45
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Keener^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GoZone iSync.lnk => C:\Windows\pss\GoZone iSync.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4C943634-A45F-4A3B-BC50-46D876506C6C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{101DBADC-D7FA-4517-B883-B39BCC410E55}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5540D378-37AA-442D-BD9A-90A904E31F69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DA84DF9-92B6-4D8D-BFB7-E4D6D29A1A63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAC8E73D-BBBF-45F6-8DF5-2B84D0EF7499}] => (Allow) C:\Users\Keener\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{198937FB-BA8E-4524-A3D6-DFAF66C81D6D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{C34A6D97-1520-40B8-AC4A-E22F8449CD94}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{DB38614F-BF34-4B55-A0B3-F6378AD8803A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{8C2030C3-C904-469C-BEC6-45294C6EFE3A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{9B164DD0-5089-4AA8-89C4-35150BA4A515}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{80BE36D6-5DD3-478C-9E56-94830CB66063}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{19D1096B-185D-4FCF-A95E-52F42655E5C0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{670693C2-83CC-4D23-91E2-54AAC7CB19A3}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{390FFCE9-76D1-46BF-BFD1-B514CAD8B86A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{5BF76DE4-42F6-42E8-9C73-38968A84B761}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{3F966926-54BB-43A2-82C4-FD489CB4B926}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{2AFB8F92-153D-4C80-A537-701E7719B7A8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{865F072A-4A73-4E5A-B12B-EE03CB056923}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{9127D4C6-861E-4015-A5E2-C93BE34F6717}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{9DF9A8FF-5C9F-41B4-9046-25FED51B696F}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F258372-8AAE-424E-8EB8-90CE4ABD9F63}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A9269AFB-ABA2-4C5A-A560-D08C0931832B}] => (Allow) LPort=2869
FirewallRules: [{73EE0AE6-021A-4C8C-A4AF-BF829BFC363E}] => (Allow) LPort=1900
FirewallRules: [{7337DC50-68CC-44E7-9B51-B5AEEC3EE08E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{3F05D83B-3ADD-495B-8191-499BCBAD6922}C:\users\keener\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keener\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6692E27E-EB65-44D7-8AF3-DD9247F7DF0D}C:\users\keener\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keener\appdata\roaming\spotify\spotify.exe
FirewallRules: [{72EC0566-F45B-4D4A-9C97-E1F3AB75272C}] => (Allow) C:\Users\Keener\AppData\Local\Temp\nsoAA66.tmp\CnetInstaller-76091740.exe
FirewallRules: [{F2CB7168-3C17-444F-8A33-AE26E2772525}] => (Allow) C:\Users\Keener\AppData\Local\Temp\nsoAA66.tmp\CnetInstaller-76091740.exe
FirewallRules: [{1F8FFC87-1BBE-440C-A172-F4BFD8E982AA}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{FE9E3666-4956-4326-8B24-7EDCC1D555DD}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{CB920D35-386B-488F-A4BE-B6205C79C602}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{E563B6D9-4FCF-4A4A-BEE0-F1646A898081}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{38B14C10-529E-4EFA-9D2A-C01B70974F76}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{45D7B84A-CFA2-4003-A02B-F1385BA5F10F}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{54A4CC43-5CC9-4DAF-A523-C2625097F19A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{BAA84B2F-8CE0-4C93-8149-EB98B88AA7FA}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{2DF00ED6-3CCD-43F5-BA1B-E1AE5A07612D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7DB7949E-AA4B-4EBE-B591-58ED59588ED6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9159A8D4-0018-4145-8988-42E5D0603E37}C:\users\keener\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keener\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{08182962-981C-4D44-88D4-CE4ECE78DA6C}C:\users\keener\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keener\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D542AA36-9AD1-4178-AC90-3F015E4276E4}] => (Allow) C:\Users\Keener\AppData\Local\Temp\7zS87D4.tmp\SymNRT.exe
FirewallRules: [{B68A8282-5ABC-4283-9433-D7180FE90C91}] => (Allow) C:\Users\Keener\AppData\Local\Temp\7zS87D4.tmp\SymNRT.exe
FirewallRules: [{B003EE33-C4E5-43C1-9583-30140761EA63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FE902B21-BFC8-462E-B8B0-225429491B74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FF93E96-3784-4DDC-B000-5FFBD1317C69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6DF7FEAF-3D33-4A6A-B13E-CB88A4860CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{906F2EDE-0755-433B-8FAC-5909E0BA0BB1}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{137E958A-F7B1-4D00-8EAA-D3B78B818914}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE006388-01D8-4C20-96BC-A5817A06B5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{14552309-B62A-4467-9C99-6C99F0687A0D}C:\users\keener\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\keener\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{509DD632-2F31-46D8-926C-77276A2253F9}C:\users\keener\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\keener\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{09381B1B-3634-4236-9DE6-8AD49669F2B2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5E3F843B-36B5-4FC3-BA65-638CEBEBCF85}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E40D13D2-9083-4ABD-AC7E-140874E17BA5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{366F5593-2E31-4712-8354-23669A5BE348}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{8EC584FA-696B-4916-8CD0-7827FFEB3E62}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C156D8A5-8B9D-410E-8F7A-9D9DC87B2CDE}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{BAB7EB42-634C-47F2-BE8E-F07A27DF40FE}C:\users\keener\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\keener\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{B19EBF63-2031-4FCB-AC09-0C733F792B40}C:\users\keener\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\keener\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{97595839-1D96-49BB-85D5-81AFCB995535}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7F95B984-BC64-4D9E-AB47-5D9E9D7A64B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2017 20:09:26 Windows Backup
17-03-2017 14:22:49 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
17-03-2017 14:31:33 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
17-03-2017 14:32:37 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
17-03-2017 14:33:33 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
29-08-2017 16:47:49 Installed Serif PagePlus Starter Edition

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2017 10:58:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067

Error: (10/14/2017 10:58:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067

Error: (10/14/2017 10:58:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2017 10:58:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6053

Error: (10/14/2017 10:58:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6053

Error: (10/14/2017 10:58:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2017 10:58:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5055

Error: (10/14/2017 10:58:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5055

Error: (10/14/2017 10:58:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2017 10:58:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4041


System errors:
=============
Error: (10/15/2017 09:57:02 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894 = The system cannot find the file specified..

Error: (10/15/2017 09:57:02 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147942402.

Error: (10/15/2017 09:56:22 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894 = The system cannot find the file specified..

Error: (10/15/2017 09:56:22 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147942402.

Error: (10/15/2017 09:55:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894 = The system cannot find the file specified..

Error: (10/15/2017 09:55:42 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147942402.

Error: (10/15/2017 09:55:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {659CDEA7-489E-11D9-A9CD-000D56965251} did not register with DCOM within the required timeout.

Error: (10/15/2017 09:55:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024894 = The system cannot find the file specified..

Error: (10/15/2017 09:55:01 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147942402.

Error: (10/15/2017 09:55:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: AMD A8-5600K APU with Radeon™ HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 7624.94 MB
Available physical RAM: 3504.63 MB
Total Virtual: 15248.08 MB
Available Virtual: 8690.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:87.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.59 GB) (Free:3.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Second HD) (Fixed) (Total:455.13 GB) (Free:122.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C086C08)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

