Pop up message [Solved]


  • This topic is locked

#16
Rickles (Topic Starter, Member, 629 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.02.2019
Ran by Rick (administrator) on HALPC (16-02-2019 14:53:45)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FoxitProxyServer_Socket_RD.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2143552 2012-03-21] (FSPro Labs -> FSPro Labs)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-11-23] (Acer Incorporated -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497640 2017-02-20] (AVANQUEST S.A. -> Avanquest Software)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [29318088 2018-06-20] (Digiarty, Inc. -> DearMob)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Bonus.SSR.FR14] => "C:\Program Files (x86)\ABBYY FineReader 14\ScreenshotReader.exe" /autorun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunGuanjia] => "C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunDetect] => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1127448 2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [SurfEasy] => C:\Program Files (x86)\Norton WiFi Privacy\client\Norton WiFi Privacy.exe startup
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Deskpecker] => C:\Program Files (x86)\Zamaan's Software\Deskpecker 1.0\deskpecker.exe
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [UPSmart] => C:\Program Files (x86)\IDBK\UPSmart\UPSmart.exe [4472320 2015-04-10] ()
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-13] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --notification-launch-id=0|2|Default|0|chrome-extension://admmjipmmciaobhojoghlmleefbicajg/|admmjipmmciaobhojoghlmleefbicajg-52d81f95-f5f9-4213-8fd9-b451d6a0ec2b --flag-switches-begin --flag-switches-end --restore-last-session
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "G:\HPLauncher.exe" 
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DOLPHI~1.SCR [275931 2005-05-16] ()
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [vidc.rscc] => C:\Windows\system32\rscc.dll [836096 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.rscc] => C:\Windows\SysWOW64\rscc.dll [671744 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-16] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Smile Tray.lnk [2017-02-17]
ShortcutTarget: ColorMunki Smile Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk [2017-10-04]
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-07-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{700625b6-a397-4ec9-928e-f5e2582bcb2a}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{dc9ebe64-8951-4d4c-8f4e-7a22cf7a6f01}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {2EE8CAB0-3292-4D28-A7B7-2A77AFAA1ACE} URL = 
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {6BF85770-390E-4771-8FDF-86EA5796A242} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}&meta=cr%3DcountryAU
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {C7C07245-7FB2-48A9-85DE-F1A2B330DC1D} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] ()
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF DefaultProfile: zv9a8e0y.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default [2019-02-16]
FF Homepage: Mozilla\Firefox\Profiles\zv9a8e0y.default -> hxxps://www.google.com.au/?gws_rd=ssl|hxxps://www.google.com.au/?gws_rd=ssl|about:preferences
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Safe Preview) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2016-06-08] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-05-01] ()
FF Plugin HKU\S-1-5-21-1630993411-145381888-747447847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-19] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?cr=countryAU&tbs=ctr:countryAU"
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
          
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-14]
CHR Extension: (Google Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-27]
CHR Extension: (Logitech Unifying for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agpmgihmmmfkbhckmciedmhincdggomo [2015-10-27]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-27]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-07]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-12-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-12-07]
CHR Extension: (Google Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-06]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-10-27]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2019-02-16]
CHR Extension: (Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-02-02]
CHR Extension: (Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Flash Player) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2018-10-30]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-09-26]
CHR Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-11-16]
CHR Extension: (Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-08]
CHR Extension: (Skype) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-26]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2018-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-16]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-16]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1630993411-145381888-747447847-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated -> Acer Incorporated)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-13] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-13] (Symantec Corporation -> Symantec Corporation)
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 378634B9; C:\WINDOWS\System32\drivers\378634B9.sys [478392 2016-09-13] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20190212.002\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-05] (Symantec Corporation -> Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-07] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-01-07] (X-Rite Incorporated -> GretagMacbeth LLC)
R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs -> FSPro Labs)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20190215.061\IDSvia64.sys [1424904 2019-01-23] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
U5 NortonSecureVPN; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
S3 npf; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-07-17] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaewu.inf_amd64_8baa9d083edacf87\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor corp)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-15] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.12.0.104\SymPlatform\SymEvnt.sys [678616 2019-02-02] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-10-13] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-16 14:50 - 2019-02-16 14:51 - 000000000 ____D C:\Users\Rick\Desktop\Geeks
2019-02-16 14:46 - 2019-02-16 14:46 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-16 14:45 - 2019-02-16 14:54 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-16 14:45 - 2019-02-16 14:45 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-16 14:45 - 2019-02-16 14:45 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-16 14:45 - 2019-02-16 14:45 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-16 04:00 - 2019-02-16 04:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-15 22:20 - 2019-02-15 22:20 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Ashampoo
2019-02-14 14:21 - 2019-02-14 14:21 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-13 17:42 - 2019-02-06 18:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 17:42 - 2019-02-06 18:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 17:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 14:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 17:42 - 2019-02-06 14:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 17:42 - 2019-02-06 13:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 17:42 - 2019-02-06 13:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 17:42 - 2019-01-10 04:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 17:42 - 2019-01-10 04:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 17:42 - 2019-01-10 04:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 17:42 - 2019-01-09 20:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 17:42 - 2019-01-09 16:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 17:42 - 2019-01-09 16:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 17:42 - 2019-01-09 16:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 17:42 - 2019-01-09 16:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 17:42 - 2019-01-09 16:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 17:41 - 2019-02-06 18:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 18:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 17:41 - 2019-02-06 18:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 17:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 17:41 - 2019-02-06 14:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 17:41 - 2019-02-06 14:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 17:41 - 2019-02-06 14:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 13:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 17:41 - 2019-02-06 13:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 17:41 - 2019-02-06 13:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 17:41 - 2019-02-06 13:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 17:41 - 2019-02-06 13:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 17:41 - 2019-02-06 13:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 17:41 - 2019-02-06 13:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 17:41 - 2019-02-06 13:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 17:41 - 2019-02-06 13:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 17:41 - 2019-02-06 13:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 17:41 - 2019-02-06 13:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 17:41 - 2019-02-06 13:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 17:41 - 2019-02-06 13:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 17:41 - 2019-02-06 12:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 17:41 - 2019-01-12 19:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-12 13:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 17:41 - 2019-01-10 05:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 17:41 - 2019-01-10 04:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 17:41 - 2019-01-10 04:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 17:41 - 2019-01-10 04:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 17:41 - 2019-01-10 04:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 17:41 - 2019-01-09 21:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 17:41 - 2019-01-09 20:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 17:41 - 2019-01-09 19:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 17:41 - 2019-01-09 19:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 17:41 - 2019-01-09 16:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 17:41 - 2019-01-09 16:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 17:41 - 2019-01-09 16:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 17:41 - 2019-01-09 16:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 17:41 - 2019-01-09 16:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 17:41 - 2019-01-09 16:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 17:41 - 2019-01-08 20:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 14:08 - 2019-02-16 14:53 - 000000000 ____D C:\FRST
2019-02-09 12:08 - 2019-02-09 12:08 - 000000000 ____D C:\Users\Rick\AppData\Local\AOP SDK
2019-02-09 02:12 - 2019-02-09 02:19 - 000000000 ____D C:\Users\Rick\AppData\Local\Adobe
2019-02-04 21:38 - 2019-02-09 18:26 - 000000000 ____D C:\Users\Rick\AppData\Local\Canon Easy-PhotoPrint EX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonEPP
2019-01-31 21:54 - 2019-01-31 22:03 - 000000000 ____D C:\Program Files\PortraitPro 18 Trial
2019-01-29 14:15 - 2019-01-29 14:15 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disketch Disc Label Software.lnk
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-01-27 22:32 - 2017-03-02 02:47 - 000000055 _____ C:\Users\Rick\Desktop\Ann and Les Gunn (2).txt
2019-01-21 18:35 - 2019-01-21 18:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CDROLLER
2019-01-19 16:40 - 2019-01-19 16:40 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Oracle
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-16 14:50 - 2018-10-10 22:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-02-16 14:49 - 2018-05-16 18:00 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-16 14:49 - 2018-04-12 10:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-16 14:46 - 2018-04-12 10:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-16 14:45 - 2018-05-16 17:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-16 14:45 - 2018-04-12 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-16 14:45 - 2016-10-02 22:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-16 14:43 - 2018-04-12 08:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-16 14:39 - 2016-09-01 03:53 - 000000000 ____D C:\AdwCleaner
2019-02-16 14:18 - 2018-04-12 10:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-16 14:18 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-16 05:14 - 2018-05-20 20:36 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache
2019-02-16 03:58 - 2017-12-19 09:52 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2019-02-16 03:48 - 2015-12-07 13:19 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-16 02:29 - 2018-05-16 17:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-15 22:20 - 2018-11-26 14:20 - 000000000 ____D C:\Users\Rick\AppData\Local\Ashampoo
2019-02-15 22:20 - 2016-06-19 21:41 - 000000000 ____D C:\ProgramData\Ashampoo
2019-02-15 22:20 - 2016-05-22 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-02-15 22:19 - 2016-05-22 19:18 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2019-02-15 19:27 - 2015-10-27 11:17 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Adobe
2019-02-15 17:32 - 2017-09-29 19:08 - 000000000 ____D C:\Program Files\rempl
2019-02-15 02:04 - 2015-12-24 01:02 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2019-02-14 14:24 - 2018-05-16 17:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-14 14:16 - 2014-06-14 15:50 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Temp
2019-02-14 00:15 - 2018-05-16 17:40 - 005435112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 20:56 - 2018-07-06 22:18 - 000000000 ____D C:\Users\Rick\AppData\Roaming\5KPlayer
2019-02-13 17:48 - 2018-04-12 10:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 17:41 - 2015-10-27 12:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 17:38 - 2015-10-27 12:47 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 15:56 - 2018-07-05 15:29 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss
2019-02-13 15:49 - 2014-11-10 23:43 - 000000000 ____D C:\Users\Rick\Documents\liteCam
2019-02-13 15:48 - 2015-12-05 02:17 - 000025088 _____ C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-13 05:16 - 2018-05-16 17:55 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-13 04:24 - 2018-05-16 17:55 - 000004566 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 03:58 - 2018-09-08 04:26 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2019-02-11 13:24 - 2018-05-16 17:55 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FED51AC-BB0D-4BEE-9687-B54D279E2473}
2019-02-11 03:02 - 2018-05-16 17:55 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1630993411-145381888-747447847-1001
2019-02-11 03:02 - 2018-05-16 17:45 - 000002364 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 03:02 - 2014-07-26 03:23 - 000000000 __RDO C:\Users\Rick\OneDrive
2019-02-10 22:20 - 2018-04-12 20:18 - 000000000 ____D C:\WINDOWS\OCR
2019-02-10 19:16 - 2016-09-26 02:11 - 000000000 ____D C:\Users\Rick\AppData\Local\File Viewer Plus
2019-02-09 19:00 - 2015-11-04 15:07 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-02-09 18:46 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-08 17:52 - 2018-07-11 14:28 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 17:42 - 2018-12-07 22:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-07 01:15 - 2018-09-25 22:11 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-06 21:23 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-06 21:23 - 2015-10-28 00:56 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2019-02-05 15:02 - 2018-08-12 03:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-04 21:38 - 2015-11-04 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-04 21:37 - 2015-11-04 15:09 - 000000000 ____D C:\Program Files\Canon
2019-02-03 09:53 - 2018-11-14 23:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 09:53 - 2018-11-14 23:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 21:24 - 2015-10-27 12:04 - 000000000 ____D C:\ProgramData\FLEXnet
2019-01-29 14:16 - 2015-12-03 14:38 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software
2019-01-24 22:01 - 2017-10-21 20:06 - 000000000 ____D C:\ProgramData\Corel
2019-01-24 19:55 - 2015-10-28 00:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-23 19:13 - 2014-01-07 06:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-20 04:46 - 2018-05-16 17:45 - 000000000 ____D C:\Users\Rick
2019-01-19 16:41 - 2018-11-10 15:29 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-01-19 16:41 - 2018-11-10 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-19 16:41 - 2018-11-10 15:28 - 000000000 ____D C:\Program Files\Java
 
==================== Files in the root of some directories =======
 
2016-05-21 15:20 - 2018-09-18 18:43 - 000013531 _____ () C:\Users\Rick\AppData\Roaming\event.log
2015-12-05 02:17 - 2019-02-13 15:48 - 000025088 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-22 18:55 - 2018-09-22 18:55 - 000000000 _____ () C:\Users\Rick\AppData\Local\oobelibMkey.log
2015-11-17 17:18 - 2015-11-17 17:18 - 000000000 _____ () C:\Users\Rick\AppData\Local\{33487DA2-1ED6-4DAD-A40C-AB6B7AA40B7E}
 
Some files in TEMP:
====================
2019-02-15 18:58 - 2019-01-09 21:14 - 000607744 _____ (Microsoft Corporation) C:\Users\Rick\AppData\Local\Temp\kernel32.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-16 17:40
 
==================== End of FRST.txt ============================



#17
Rickles


  • Topic Starter
Hi Joe, it seems to be working and I think I have all you requested. Regards
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.02.2019
Ran by Rick (16-02-2019 14:55:10)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-16 07:16:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1630993411-145381888-747447847-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1630993411-145381888-747447847-503 - Limited - Disabled)
Guest (S-1-5-21-1630993411-145381888-747447847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1630993411-145381888-747447847-1003 - Limited - Enabled)
Rick (S-1-5-21-1630993411-145381888-747447847-1001 - Administrator - Enabled) => C:\Users\Rick
WDAGUtilityAccount (S-1-5-21-1630993411-145381888-747447847-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Shadow 2.0 (HKLM\...\3D Shadow_is1) (Version: 2.0 - Lokas Software)
5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.1 - DearMob, Inc.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
ADAudit Plus (HKLM-x32\...\{B4E87CC6-F195-4CFE-92A2-8439FC3716C9}) (Version: 4.6.0 - ZOHO Corp)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version:  - AnalogX)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio 2019 (HKLM-x32\...\{91B33C97-293D-A984-2057-76661C44CB0E}_is1) (Version: 1.20.0 - Ashampoo GmbH & Co. KG)
Ashampoo Cover Studio 2017 (HKLM-x32\...\{91B33C97-6D7D-102A-7711-56C011AFB81B}_is1) (Version: 3.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu v.1.0.5 (HKLM-x32\...\{91B33C97-FD41-09C7-0F51-78F94C35D772}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
Avanquest Message (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software)
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
BenVista PhotoZoom Classic 6.1 (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\PhotoZoom Classic 6) (Version: 6.1 - BenVista Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
ClipGrab 3.7.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CODIJY Pro version 3.6.1 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.6.1 - CODIJY)
CoffeeCup Free Zip Wizard (HKLM-x32\...\CoffeeCup Free Zip Wizard) (Version:  - CoffeeCup Software)
ColorMunki Smile (HKLM-x32\...\ColorMunki Smile_is1) (Version:  - X-Rite)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version: 3.39 - NCH Software)
Dolphin Pod 0.3 (HKLM-x32\...\Dolphin Pod_is1) (Version:  - )
DVD-Cloner V9.60 Build 1114 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.60.0.1114 - OpenCloner Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.22) (Version: 9.22 - Artifex Software Inc.)
Grant Digital (HKLM-x32\...\{ED4830CC-FB1B-4E51-9ED3-0FCC97758D1D}) (Version:  - )
HAL 9000 [Console] Basic Screen Saver (HKLM-x32\...\HAL 9000 [Console] Basic) (Version:  - )
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
ImageMixer VCD2 for FinePix (HKLM-x32\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version:  - )
InCD EasyWrite Reader (HKLM-x32\...\MRW!UninstallKey) (Version:  - )
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.09.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.03.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LicenseCrawler version 1.25 build-298 (HKLM-x32\...\{12151216-3E3F-4118-AE95-49C39F1D7EA2}_is1) (Version: 1.25 build-298 - Martin Klinzmann)
liteCam HD (HKLM-x32\...\{4926737D-839C-430F-805F-28C7EF86A432}) (Version: 4.95.0000 - RSUPPORT)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{08B0BEF7-A098-4A77-B132-8702E9F43682}) (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{386881cc-7635-4ec3-aaf3-e28904b27a28}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Photo Noir (HKLM-x32\...\Movavi Photo Noir) (Version: 1.0.1 - Movavi)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
My Lockbox 2.8.2 (HKLM\...\My Lockbox_is1) (Version: 2.8.2 - )
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Nero Prerequisite Installer 7.0 (HKLM-x32\...\{20A619F0-E309-4434-A7ED-C270759803AA}) (Version: 19.0.00000 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.6.0.280 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PcCloneEX (HKLM-x32\...\PcCloneEX) (Version:  - )
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PicaView32 (HKLM-x32\...\PicaView32) (Version:  - )
Plantraco FMS Model Installer (HKLM-x32\...\{002D2C86-303B-4146-A3F6-8F0BA5A93F11}) (Version: 1.0.5 - Plantraco)
PowerPoint CD-ROM Wizard (HKLM-x32\...\PowerPoint CD-ROM Wizard) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
RAW FILE CONVERTER LE (HKLM-x32\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Rays (HKLM\...\Digital Film Tools-Rays 1.0) (Version: 1.0 - Digital Film Tools)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
stashimi (HKLM-x32\...\{9E0284FD-B627-42AC-B17A-99930793A9E5}) (Version: 12.1.9800.0 - Audials AG)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UPSmart version 1.5 (HKLM-x32\...\UPSmart_is1) (Version: 1.5 - Guangdong IDBK software technology Inc)
UPSmart2000R 1.9( Build 110621 ) (HKLM-x32\...\UPSmart2000R_is1) (Version: 1.9 - )
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.8.1.8 - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.40 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)
Zipware (HKLM-x32\...\{978B4C17-660C-4521-A024-0E4311DF0192}) (Version: 1.2.0 - Bazwise)
百度网盘 (HKLM-x32\...\百度云管家) (Version: 6.2.4 - 百度在线网络技术(北京)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1630993411-145381888-747447847-1001_Classes\CLSID\{F692AFB9-21F4-EE57-7255-CA9A52655345}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers1-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32: [ccZipWizDll] -> {FFEAB400-3031-11D5-B653-0050BAD1A371} => C:\Program Files (x86)\CoffeeCup Software\FreeZip\cczipdll.dll [2001-04-14] (CoffeeCup Software)
ContextMenuHandlers1-x32-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1-x32-x32: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1-x32-x32-x32: [PicaView32] -> {68f32140-2ca3-11d0-acc1-444553540000} => C:\Program Files (x86)\PICAVI~1\PicaView.dll -> No File
ContextMenuHandlers1-x32-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07078F0D-4A2E-421B-8C08-848A3BEBA180} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {0AA0B89D-FC57-489F-96C8-1B2409FEE784} - System32\Tasks\GoogleUpdateTaskMachineUA1d1b3309bb50295 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1B01DDB7-6DB5-444E-BC5B-751A4312FAAC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {2D578C79-C768-4973-B599-3C6085E828CF} - System32\Tasks\CareCenter\Spotify Web Helper_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
Task: {2F1171C8-8F99-40CC-85F0-6C02351FE0A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {32DD3A34-10B3-4BBF-A519-BEB19B897897} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {42F19B06-23B5-4258-97F9-B82DE655E4B4} - System32\Tasks\Abelssoft\Abelssoft Abelssoft File Organizer_117 => C:\Program Files (x86)\Abelssoft File Organizer\AbLauncher.exe
Task: {43D3296B-AFF6-4CEA-8929-E06F9706C0E7} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4733B00B-CD56-4474-A8DE-87A80D8827A1} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4B03C7D4-4B11-44CA-A80A-B5B346229A13} - System32\Tasks\{6C49A8F2-4C8C-449C-BBB9-6F0A12CEE1BC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Rick\Desktop\Navy\New folder\freezip.exe" -d "C:\Users\Rick\Desktop\Navy\New folder"
Task: {4FC8428F-A07A-49DE-9BEC-2A26C04F5344} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {51BB7444-0E84-4A99-82D0-B4AC2B2C19EC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5DDA4DFC-3179-4CFB-BF12-D63DB742015B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {674997DC-07F8-4B9B-B01B-5E2BBD94FD74} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {67DDF01E-9BE3-4F75-BAF1-E7E0C253CA0E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A6745C1-3B55-430B-8821-1A00BBD3E284} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.3.21\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {6D727AAB-CD0C-46F6-B520-A3EF4CB701A9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe (X-Rite Incorporated -> X-Rite Inc.)
Task: {6F83278E-0757-4266-A13E-BE4996F1E4DB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {729A2C47-8797-48E8-B494-6C733C3442A5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {7A383737-2EC7-41EF-8D24-E7E745A1D810} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7D0B6B5E-862D-4708-9F10-00EEC5698842} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8258A44C-AF33-4AF8-BB6E-4FB3D00F296A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {891D978B-CC83-4DC0-8B35-E6BF65228EEA} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {A1B092F4-BB88-4842-B834-A63F5135FFF8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\inPixio\InPixio Photo Clip 8 Demo\InPixioPhotoClip8.exe
Task: {A906909E-1638-427D-9571-0BAF4C968473} - System32\Tasks\CareCenter\ABBYY Screenshot Reader Bonus_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
Task: {B06FF82D-8BE6-4633-8D8D-C82D3162FB4B} - System32\Tasks\CareCenter\OneNote 2010 Screen Clipper and Launcher.lnk_FolderAppdata_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {B59C37AA-5BDE-49D7-A3F6-2683D4B25389} - System32\Tasks\CareCenter\CanonQuickMenu_Reg_HKLMWow6432Run => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.)
Task: {C7F54203-607F-41C8-9FD0-B0DF4DF5B24A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b3309b3906f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D7569C8C-3763-4460-923B-DECB9FBC73A2} - System32\Tasks\S-1-5-21-1630993411-145381888-747447847-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F17E0D40-D4EB-4086-B5DE-B7650AA84A4C} - System32\Tasks\CareCenter\OfficeSyncProcess_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {F89E8CF7-22D1-4BFC-8312-96F0FF6CA68A} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Rick\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 10:34 - 2018-04-12 10:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-09-25 22:11 - 2019-02-07 01:15 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-25 22:11 - 2019-02-07 01:15 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-02 22:04 - 2016-12-30 00:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 13:26 - 2018-11-09 13:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2014-01-07 06:48 - 2013-07-30 18:11 - 000110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2018-08-06 19:33 - 2018-08-06 19:33 - 000291864 _____ () C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll
2019-02-13 17:42 - 2019-02-06 13:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-08 17:50 - 2019-02-08 17:51 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-08 17:50 - 2019-02-08 17:50 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-09 15:33 - 2018-10-09 15:33 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 18:36 - 2018-11-29 18:36 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-04 16:35 - 2018-10-04 16:36 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 002362096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2018-08-06 19:35 - 2018-08-06 19:35 - 001127448 _____ () C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
2019-02-15 22:22 - 2019-02-15 22:22 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2016-12-22 13:55 - 2016-08-18 07:50 - 002365920 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
2017-10-04 14:06 - 2009-06-26 15:25 - 000356352 _____ () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
2019-01-02 21:28 - 2019-01-02 21:28 - 000059376 _____ () C:\Program Files\CCleaner\branding.dll
2018-09-08 00:04 - 2018-09-08 00:04 - 032745472 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1805.2331.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
2018-09-08 00:04 - 2018-09-08 00:04 - 000528896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1805.2331.0_x64__8wekyb3d8bbwe\Helper.dll
2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 044202496 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\Prism.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000898560 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\libxml2.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 003449344 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\CxF2_VC90MD_2.1.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000073728 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\zlib1.dll
2017-10-04 14:06 - 2009-07-22 16:58 - 000258048 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-04 18:36 - 2015-11-04 18:36 - 000149720 _____ () C:\Program Files (x86)\Acer\abDocs Office AddIn\AcerWordAddin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2016-08-08 15:27 - 000000855 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Acer\Remote Files\;C:\Program Files (x86)\Common Files\ACD Systems\EN\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\Documents\My Documents\Spare Icons\1\Photos 2\Wallpaper\BingWallpaper-2018-06-18.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: L4301_Solar => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\StartupFolder: => "PC Clone EX.LNK"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "mylbx"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "ShaPlus Bandwidth Meter"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "ABBYY Screenshot Reader Bonus"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Avanquest Message"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "5KPlayer"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Bonus.SSR.FR14"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "UPSmart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0955A86A-2ED8-4E39-9329-0F2A2ABC8744}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{50143828-261D-4073-AE7B-F625BD9012A6}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{484F38D2-32FC-4FDC-9DC2-4DDEC02F66AA}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{7DC0C804-70DF-424D-BD87-6AD435A39C3E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{EE5AF3DE-39B7-4032-8B82-A7DAC76C73CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{8A6A80A5-8488-4639-AC02-0D10F3BA96E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{2D90616E-620B-4704-9FE2-188396CD332B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{897B1F29-60CF-4AFC-BA04-3BE54DA11E35}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAE71AF6-7F25-4423-B1CA-E5D4C25A24BE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61F70EAE-A460-45BD-AC7D-542ED2A34FE7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1B8424F-3F40-4F51-AAE7-B0433B25D790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{4C4AC1DC-3879-41DD-8E1A-9C8709745E01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{E006BC02-43B3-41A1-BA28-2D78FAC1E58C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{AC8334EF-1EBF-46D6-942D-E6645FDF3A02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{6F2575DD-8B74-452A-A869-F3220637BA29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{AA1F52B4-5D29-4263-983C-F171A36DD445}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{59A244B5-FD13-4CE9-B7BB-434E9B1CCB5C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{D0C095EF-62FB-4836-AF9E-09BBCCEDD3B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{15937FE9-6B7C-4F06-A3AA-09E4142B19F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BC6340C9-1AAA-4B4A-884F-33EE6946AD08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{710A0316-D030-4762-A753-884D9F048C01}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0A791055-516F-4ABF-9CC0-7C60F8E04AE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{7F9D5A5D-3277-4778-8DB6-43DE68F0F1F9}] => (Allow) C:\Program Files (x86)\stashimi\stashimi 12\Audials.exe (Audials AG -> Audials AG)
FirewallRules: [{3FCCCE94-DC9B-4961-990D-F763B5CDF777}] => (Allow) LPort=12972
FirewallRules: [{A5D845CB-23BA-4445-A24C-FE60495D37E4}] => (Allow) LPort=14714
FirewallRules: [{8007E4CA-A8D1-4C1F-9DEF-791B533C01DD}] => (Allow) LPort=31931
FirewallRules: [{49A38E7F-03A1-41A9-A70D-136BE1A71605}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{C9CC69B5-59D1-4B62-96C1-F3C853B80215}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{07755194-8ABB-4D57-8FE9-F2D7E9E1CE0C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{3753B8A7-C901-420F-B35E-E695CFA30C26}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{C61BECE5-79BF-4348-A2BC-E705831F4572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{4AAF9233-4763-4545-9569-3A432271E7DE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{6D3F7FC8-EAB4-47B8-B745-80245527CD1D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{09FF3557-254C-4CA3-8034-4F22E5DEFF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FED014A0-63EE-45F5-8B26-CD012D2DDCA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52A5CACB-9FCD-4682-92EB-655F401BE9AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{6B512EC7-1C9A-4DD0-B90B-F3260D3426ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{11764031-4EC4-46FD-BF07-045402D5F92D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1033ED95-03C5-49BE-AED3-8A0CACCA4B07}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{E6B331CE-C73A-4EF3-8F2D-4E023D1C4A1F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{F5BB788E-DF73-4CCF-A918-C717FFBEFB6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{32469169-AA4A-45EB-ACB1-CE527B05773B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{38363DE5-0DF2-4D82-91E0-FA87882BB990}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{BFA0A2B0-62A9-40BA-B6EB-36ED5C0698EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3503228D-7DAD-4A19-8D18-181F6D555EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33E3A89D-8087-4EE4-B24A-8A9AD592F383}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EEFCB46-7766-49B8-8658-0795DC9BFDF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB345A0B-5CFD-4DA3-8DF8-533AF5BBCAC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD99BF21-82FD-4F96-8C8E-9C395773199D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32DA455E-E9CB-46B6-A5BA-4D85A2D09E33}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{BF17EB2F-6735-44B1-B7B8-DF2AF8D34021}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{E25F5355-6388-4598-B2A9-B2C64F9CFE62}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{20E6D3A9-4BD0-40A4-9A38-2C32477831DA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{2F288AEC-36A5-410F-845A-FDBC12DB8DE1}] => (Allow) LPort=5454
FirewallRules: [{81821348-98D7-44C8-BA48-72A6A06ED2EA}] => (Allow) LPort=5454
FirewallRules: [{A4A4AE44-7EC8-455B-A560-BD6C2CB6DA66}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{51D22DDC-5C82-4E23-8274-257254BF729E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{35F70A29-BE37-4140-977B-FA4726385DF0}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{63EFCE3B-EFFE-4686-BD84-4E8318A16A87}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{1051BA62-C267-4506-8C21-30088E14074C}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F614331A-D0D5-4542-B9A9-DA557EE0D6C6}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F0295F0F-85D4-4554-B3AF-893FB77414B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{8A1B1CB5-E93D-4CE5-BD55-93384AAD9EF1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{68FD5875-AB16-4B73-866E-0FDAA21B88F4}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [UDP Query User{F5A1BA6C-C456-4E11-9357-B01CF09840BC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{306B9756-D585-4046-85CB-5779A0470EC4}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{A710A770-E3F8-422A-87D7-2BADDBB83176}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [TCP Query User{E0311600-CFE6-4EE0-9FE4-5F080D548139}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [UDP Query User{7372B4B5-E4B1-40DF-AAAB-591E3BED6389}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [{12C793FA-308C-483E-A837-D55A23A9B9E0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C74F49EA-15F3-4ACA-8D9D-E1F65FF23CE5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7DC66632-EE26-4ACB-BF46-A41F6ED806C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBC7321D-2567-4F07-BBDF-C0EED41F366B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CE1E5A85-3049-4129-842C-D4925CB80336}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
11-02-2019 12:58:33 Scheduled Checkpoint
15-02-2019 17:31:33 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/15/2019 06:21:17 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
 
System errors:
=============
Error: (02/16/2019 02:47:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2019 02:46:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2019 02:46:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2019 02:46:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/16/2019 02:45:25 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (02/16/2019 02:43:20 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (02/16/2019 02:42:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X-Rite Device Services Manager service failed to start due to the following error: 
The pipe has been ended.
 
Error: (02/16/2019 02:42:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Remediation Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
 
Date: 2019-01-23 05:22:38.485
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.458
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.405
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 8125.09 MB
Available physical RAM: 5184.32 MB
Total Virtual: 16317.09 MB
Available Virtual: 13375.18 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:457.31 GB) (Free:384.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.31 GB) (Free:457.12 GB) NTFS
Drive f: (My Passport Ultra) (Fixed) (Total:931.48 GB) (Free:894.08 GB) NTFS
Drive h: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:468.44 GB) NTFS
 
\\?\Volume{b096842d-7d80-4c4a-8eb4-e5827b8055db}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{f6bcedad-eb04-46fa-b9ae-76917f8a3f45}\ (Push Button Reset) (Fixed) (Total:16.08 GB) (Free:1.17 GB) NTFS
\\?\Volume{dab56a16-f60a-48f0-ab2f-c837a014a40d}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3456572E)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9B4C464D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0016E3C0)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#18
Joeicam
Malware Removal
Hi Rickles,
 
Thanks for those logs. Let's try something...
 
Step 1 of 1: FRST Registry Search
  • Right-click the FRST application and select run as administrator. When the tool opens click Yes to disclaimer.
  • Copy/paste the following into the box after "Search:" Badiu
  • FRST will search your registry. When finished it will produce a log entitled SearchReg.txt in the same directory the tool is run.
  • Please copy and paste the log back here.
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the SearchReg.txt log
 
 

#19
Rickles

Hi Joe,

 

After typing in the word Badiu I presume you wanted me to press the Search Registry button? Regards

 

Farbar Recovery Scan Tool (x64) Version: 16.02.2019 01
Ran by Rick (17-02-2019 18:22:08)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Boot Mode: Normal
 
================== Search Registry: "Badiu" ===========
 
 
====== End of Search ======

#20
Joeicam

Hi Rickles,

 

"After typing in the word Badiu I presume you wanted me to press the Search Registry button? Regards"

You were correct! Sorry about that, I'll update my instructions :).

 

  • Try those instructions again, but instead type the following into the FRST box: baidu
  • Then click the "Search Registry" button
  • Copy/paste the log back here when it's finished

- Joe

 


#21
Rickles

Hi Joe,

 

Log and popups as requested.

 

During a search for a program I came across this, see photos, it is only a shortcut but goes nowhere.

 

Regards

 

Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by Rick (18-02-2019 14:49:24)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Boot Mode: Normal
 
================== Search Registry: "Badiu" ===========
 
 
====== End of Search ======

Attached Thumbnails

  • G1.jpg
  • G2.jpg
  • G3.jpg

#22
Rickles

Hi Joe,

 

I noticed just as I posted the last reply that the word BAIDA has been spelt in two different ways.

 

The previous log was spelt Badiu and then I noticed that in your last post it was spelt Baidu, no letter i.

 

Years ago when I was learning photography I was taught to proofread and the old Professor did the same kind of thing to give me practice.

 

So I rescanned:

 

Farbar Recovery Scan Tool (x64) Version: 17.02.2019
Ran by Rick (18-02-2019 15:08:25)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Boot Mode: Normal
 
================== Search Registry: "baidu" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia]
""="BaiduyunguanjiaProtocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia]
"URL Protocol"="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia\DefaultIcon]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia\shell\open\command]
""=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduYunGuanjia.torrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduYunGuanjia.torrent\DefaultIcon]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunTorrentFile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduYunGuanjia.torrent\Shell\Open\Command]
""=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75711486-6BB1-4C76-853A-F3B7763FACF4}\1.0\0\win64]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{75711486-6BB1-4C76-853A-F3B7763FACF4}\1.0\HELPDIR]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D20829A-1E9A-47CE-B851-08E204DDC970}\1.0\0\win32]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8D20829A-1E9A-47CE-B851-08E204DDC970}\1.0\HELPDIR]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll, 105"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Baidu\BaiduYunGuanjia]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Baidu\BaiduYunGuanjia]
"installDir"="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度云管家]
"UninstallString"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\uninst.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度云管家]
"DisplayIcon"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度云管家]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\百度云管家]
"InstallLocation"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin]
"Path"="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin]
"Vendor"="Baidu,Inc."
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Baidu]
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Baidu\BaiduYunGuanjia]
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Baidu\BaiduYunGuanjia]
"installDir"="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"BaiduYunGuanjia"="0x020000000000000000000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"BaiduYunDetect"="0x020000000000000000000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduYunGuanjia"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduYunDetect"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe""
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Rick\Downloads\BaiduNetdisk-6.2.4.exe"="0x53414350010000000000000007000000280000009858E401C7ADE40101000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000016960401000000000100000001000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe"="0x534143500100000000000000070000002800000018EC7F0094BB800001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005A200300000000000300000003000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\uninst.exe"="0x534143500100000000000000070000002800000000831E00ADA71E0001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E14B0600000000000600000006000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Rick\Desktop\Downloads\New Scanner\BaiduNetdisk-6.2.4.exe"="0x53414350010000000000000007000000280000009858E401C7ADE40101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C7E75400000000000100000001000000"
 
====== End of Search ======
 
Regards

  • 0
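A triage pass over a SearchReg.txt log like the one posted above, added here as an example that is not part of the thread or of FRST. It parses the key/value hit layout, returns an empty hit list when the search term matches nothing (as the "Badiu" search did), and separates entries that make Windows or a browser run or load a file from hits that only mention the name; the category names and rules are this example's own assumptions.

```python
import re
from collections import defaultdict

# Subset of the "baidu" SearchReg.txt lines posted above, copied unchanged.
SAMPLE_LOG = r'''
================== Search Registry: "baidu" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baiduyunguanjia\shell\open\command]
""=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32]
""="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin]
"Path"="C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"BaiduYunGuanjia"="0x020000000000000000000000"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduYunGuanjia"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun"
[HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduYunDetect"=""C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe""

====== End of Search ======
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
TERM_RE = re.compile(r'Search Registry: "(.*?)"')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)\b', re.IGNORECASE)

# Triage rules are this example's assumptions, not categories FRST reports.
RULES = [
    (r'\\CurrentVersion\\Run(Once)?$', 'autostart'),
    (r'\\Explorer\\StartupApproved\\', 'startup-toggle'),
    (r'\\shell\\open\\command$', 'handler-command'),
    (r'\\InprocServer32$', 'com-inproc-dll'),
    (r'\\MozillaPlugins\\', 'browser-plugin'),
    (r'\\Internet Explorer\\Extension Compatibility\\', 'ie-compat-list'),
]
# Categories whose value data names a file that gets executed or loaded.
LOAD_POINTS = {'autostart', 'handler-command', 'com-inproc-dll', 'browser-plugin'}

def parse_searchreg(text):
    """Return (search_term, hits). A hit is (key, value_name, value_data);
    the last two are None when only the key name matched."""
    found = TERM_RE.search(text)
    hits, pending = {}, None          # dict keeps order and drops repeats
    for raw in text.splitlines():
        line = raw.strip()
        key, value = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            if pending:               # previous key had no value line
                hits[(pending, None, None)] = True
            pending = key.group(1)
        elif value and pending:
            data = value.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]     # drop the outer quotes of the log format
            hits[(pending, value.group(1), data)] = True
            pending = None
        elif pending:                 # blank line or footer ends a key-only hit
            hits[(pending, None, None)] = True
            pending = None
    if pending:
        hits[(pending, None, None)] = True
    return (found.group(1) if found else None), list(hits)

def classify(key):
    """Map a registry key path to one of the example's triage categories."""
    for pattern, category in RULES:
        if re.search(pattern, key, re.IGNORECASE):
            return category
    return 'other'

def triage(hits):
    """Group hits by category so load points can be reviewed first."""
    buckets = defaultdict(list)
    for hit in hits:
        buckets[classify(hit[0])].append(hit)
    return dict(buckets)

def load_targets(hits):
    """Sorted file paths that load-point hits would cause to run or load."""
    targets = set()
    for key, _name, data in hits:
        if data and classify(key) in LOAD_POINTS:
            targets.update(PATH_RE.findall(data))
    return sorted(targets)

if __name__ == '__main__':
    term, hits = parse_searchreg(SAMPLE_LOG)
    print(f'search term {term!r}: {len(hits)} hit(s)')
    for category, items in triage(hits).items():
        print(f'  {category}: {len(items)}')
    for path in load_targets(hits):
        print('  load target:', path)
```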

#23
Joeicam

Hi Rickles,
 

"The previous log was spelt Badiu and then I noticed that in your last post it was spelt Baidu, no letter i."

No worries :). It got me too! Let's continue...
 
Step 1 of 3: Fix with FRST
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Open FRST. Please copy the entire contents of the code box below, excluding the word "Quote". (To do this, highlight the contents of the box, right click on it and select copy.) NOTE: It is not necessary to paste the copied text anywhere. The FRST tool is designed to work with fixes that are copied directly to the clipboard.
  • Navigate back to FRST and click on Fix
Start::
CreateRestorePoint:
() C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
C:\Users\Rick\AppData\Roaming\baidu
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunGuanjia] => "C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunDetect] => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1127448 2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [No File]
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
C:\Users\Rick\Downloads\BaiduNetdisk-6.2.4.exe
C:\Users\Rick\Desktop\Downloads\New Scanner\BaiduNetdisk-6.2.4.exe
Reboot:
End::

 

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Step 2 of 3: Run Malwarebytes
 
Since you already have Malwarebytes installed, open it up as you did before, and follow the directions below:
  • If an update is found, you will be prompted to download and install the latest version.
  • On the Dashboard screen, click the blue Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to Reports, put a check-mark next to the most current Scan Report and click View Report.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step 3 of 3: Re-Scan with FRST
  • Right-click the FRST application and select run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of Fixlog.txt
  • The copied and pasted results of the Malwarebytes text file
  • The copied and pasted results of the FRST.txt and Addition.txt logs

 


#24
Rickles

Hi Joe,

 

Logs as requested. If they do not all load on one page I will send them one at a time.

 

I have noticed that when I right click a folder the Chinese script no longer appears.

 

Regards

 

Logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18.02.2019
Ran by Rick (20-02-2019 15:09:56) Run:2
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
() C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
C:\Users\Rick\AppData\Roaming\baidu
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunGuanjia] => "C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunDetect] => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1127448 2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [No File]
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
C:\Users\Rick\Downloads\BaiduNetdisk-6.2.4.exe
C:\Users\Rick\Desktop\Downloads\New Scanner\BaiduNetdisk-6.2.4.exe
Reboot:
 
*****************
 
Restore point was successfully created.
[12200] C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe => process closed successfully.
C:\Users\Rick\AppData\Roaming\baidu => moved successfully
"HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BaiduYunGuanjia" => removed successfully
"HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BaiduYunDetect" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin => removed successfully
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> ) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\YunShellExt => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790} => not found
"C:\Users\Rick\Downloads\BaiduNetdisk-6.2.4.exe" => not found
"C:\Users\Rick\Desktop\Downloads\New Scanner\BaiduNetdisk-6.2.4.exe" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 15:10:29 ====
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/20/19
Scan Time: 3:18 PM
Log File: a33675e8-34c6-11e9-8cf2-40f02f1b2390.json
 
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9346
License: Premium
 
-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: HALPC\Rick
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 365366
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 17 min, 10 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.02.2019
Ran by Rick (administrator) on HALPC (20-02-2019 15:41:11)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FoxitProxyServer_Socket_RD.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2143552 2012-03-21] (FSPro Labs -> FSPro Labs)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-11-23] (Acer Incorporated -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497640 2017-02-20] (AVANQUEST S.A. -> Avanquest Software)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [29318088 2018-06-20] (Digiarty, Inc. -> DearMob)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Bonus.SSR.FR14] => "C:\Program Files (x86)\ABBYY FineReader 14\ScreenshotReader.exe" /autorun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [SurfEasy] => C:\Program Files (x86)\Norton WiFi Privacy\client\Norton WiFi Privacy.exe startup
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Deskpecker] => C:\Program Files (x86)\Zamaan's Software\Deskpecker 1.0\deskpecker.exe
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-13] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [UPSmart] => C:\Program Files (x86)\IDBK\UPSmart\UPSmart.exe [4472320 2015-04-10] ()
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-13] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --notification-launch-id=0|2|Default|0|chrome-extension://admmjipmmciaobhojoghlmleefbicajg/|admmjipmmciaobhojoghlmleefbicajg-52d81f95-f5f9-4213-8fd9-b451d6a0ec2b --flag-switches-begin --flag-switches-end --restore-last-session
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "G:\HPLauncher.exe" 
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DOLPHI~1.SCR [275931 2005-05-16] ()
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [vidc.rscc] => C:\Windows\system32\rscc.dll [836096 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.rscc] => C:\Windows\SysWOW64\rscc.dll [671744 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-16] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Smile Tray.lnk [2017-02-17]
ShortcutTarget: ColorMunki Smile Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk [2017-10-04]
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-07-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{700625b6-a397-4ec9-928e-f5e2582bcb2a}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{dc9ebe64-8951-4d4c-8f4e-7a22cf7a6f01}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {2EE8CAB0-3292-4D28-A7B7-2A77AFAA1ACE} URL = 
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {6BF85770-390E-4771-8FDF-86EA5796A242} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}&meta=cr%3DcountryAU
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {C7C07245-7FB2-48A9-85DE-F1A2B330DC1D} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF DefaultProfile: zv9a8e0y.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default [2019-02-20]
FF Homepage: Mozilla\Firefox\Profiles\zv9a8e0y.default -> hxxps://www.google.com.au/?gws_rd=ssl|hxxps://www.google.com.au/?gws_rd=ssl|about:preferences
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Safe Preview) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2016-06-08] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-05-01] ()
FF Plugin HKU\S-1-5-21-1630993411-145381888-747447847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-19] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?cr=countryAU&tbs=ctr:countryAU"
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
          
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-14]
CHR Extension: (Google Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-27]
CHR Extension: (Logitech Unifying for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agpmgihmmmfkbhckmciedmhincdggomo [2015-10-27]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-27]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-07]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-12-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-12-07]
CHR Extension: (Google Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-06]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-10-27]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2019-02-20]
CHR Extension: (Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-02-19]
CHR Extension: (Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Flash Player) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2018-10-30]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-09-26]
CHR Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-11-16]
CHR Extension: (Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-16]
CHR Extension: (Skype) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-26]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2018-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-20]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-20]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1630993411-145381888-747447847-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated -> Acer Incorporated)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-13] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-13] (Symantec Corporation -> Symantec Corporation)
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 378634B9; C:\WINDOWS\System32\drivers\378634B9.sys [478392 2016-09-13] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20190212.002\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-05] (Symantec Corporation -> Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-07] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-01-07] (X-Rite Incorporated -> GretagMacbeth LLC)
R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs -> FSPro Labs)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20190219.061\IDSvia64.sys [1424904 2019-01-23] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
U5 NortonSecureVPN; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
S3 npf; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-07-17] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaewu.inf_amd64_8baa9d083edacf87\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor corp)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-15] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.12.0.104\SymPlatform\SymEvnt.sys [678616 2019-02-02] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-10-13] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-20 15:30 - 2019-02-20 15:30 - 000000000 ____D C:\Users\Rick\Desktop\POWERTECH PLUS MB-3603 User Manual
2019-02-20 15:18 - 2019-02-20 15:18 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-20 15:18 - 2019-02-20 15:18 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-20 15:18 - 2019-02-20 15:18 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-20 15:18 - 2019-02-20 15:18 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-20 15:18 - 2019-02-20 15:18 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-20 15:15 - 2019-02-20 15:40 - 000000000 ____D C:\Users\Rick\Desktop\To Post
2019-02-20 14:18 - 2019-02-20 14:18 - 000000000 ____D C:\Users\Rick\AppData\Local\AOP SDK
2019-02-20 02:40 - 2019-02-20 02:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-17 18:26 - 2019-02-17 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-17 18:26 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-17 18:26 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-15 22:20 - 2019-02-15 22:20 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Ashampoo
2019-02-14 14:21 - 2019-02-14 14:21 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-13 17:42 - 2019-02-06 18:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 17:42 - 2019-02-06 18:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 17:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 14:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 17:42 - 2019-02-06 14:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 17:42 - 2019-02-06 13:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 17:42 - 2019-02-06 13:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 17:42 - 2019-01-10 04:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 17:42 - 2019-01-10 04:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 17:42 - 2019-01-10 04:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 17:42 - 2019-01-09 20:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 17:42 - 2019-01-09 16:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 17:42 - 2019-01-09 16:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 17:42 - 2019-01-09 16:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 17:42 - 2019-01-09 16:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 17:42 - 2019-01-09 16:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 17:41 - 2019-02-06 18:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 18:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 17:41 - 2019-02-06 18:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 17:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 17:41 - 2019-02-06 14:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 17:41 - 2019-02-06 14:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 17:41 - 2019-02-06 14:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 13:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 17:41 - 2019-02-06 13:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 17:41 - 2019-02-06 13:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 17:41 - 2019-02-06 13:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 17:41 - 2019-02-06 13:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 17:41 - 2019-02-06 13:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 17:41 - 2019-02-06 13:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 17:41 - 2019-02-06 13:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 17:41 - 2019-02-06 13:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 17:41 - 2019-02-06 13:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 17:41 - 2019-02-06 13:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 17:41 - 2019-02-06 13:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 17:41 - 2019-02-06 13:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 17:41 - 2019-02-06 12:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 17:41 - 2019-01-12 19:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-12 13:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 17:41 - 2019-01-10 05:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 17:41 - 2019-01-10 04:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 17:41 - 2019-01-10 04:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 17:41 - 2019-01-10 04:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 17:41 - 2019-01-10 04:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 17:41 - 2019-01-09 21:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 17:41 - 2019-01-09 20:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 17:41 - 2019-01-09 19:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 17:41 - 2019-01-09 19:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 17:41 - 2019-01-09 16:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 17:41 - 2019-01-09 16:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 17:41 - 2019-01-09 16:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 17:41 - 2019-01-09 16:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 17:41 - 2019-01-09 16:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 17:41 - 2019-01-09 16:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 17:41 - 2019-01-08 20:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 14:08 - 2019-02-20 15:41 - 000000000 ____D C:\FRST
2019-02-04 21:38 - 2019-02-09 18:26 - 000000000 ____D C:\Users\Rick\AppData\Local\Canon Easy-PhotoPrint EX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonEPP
2019-01-29 14:15 - 2019-01-29 14:15 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disketch Disc Label Software.lnk
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-01-27 22:32 - 2017-03-02 02:47 - 000000055 _____ C:\Users\Rick\Desktop\Ann and Les Gunn (2).txt
2019-01-21 18:35 - 2019-01-21 18:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CDROLLER
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-20 15:40 - 2018-04-12 10:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-20 15:17 - 2018-10-10 22:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-02-20 15:12 - 2018-05-16 17:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-20 15:12 - 2016-10-02 22:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-20 15:11 - 2018-04-12 08:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-20 15:06 - 2018-05-16 17:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-20 14:20 - 2018-12-07 22:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-20 05:25 - 2018-05-16 17:45 - 000000000 ____D C:\Users\Rick
2019-02-19 21:35 - 2018-05-16 17:55 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FED51AC-BB0D-4BEE-9687-B54D279E2473}
2019-02-19 21:35 - 2016-09-26 02:11 - 000000000 ____D C:\Users\Rick\AppData\Local\File Viewer Plus
2019-02-19 21:29 - 2018-05-16 18:00 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-19 21:29 - 2018-04-12 10:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-19 18:34 - 2015-10-27 11:17 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Adobe
2019-02-19 15:06 - 2018-04-12 10:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-19 15:06 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-19 01:04 - 2018-07-06 22:18 - 000000000 ____D C:\Users\Rick\AppData\Roaming\5KPlayer
2019-02-18 21:44 - 2015-10-28 00:56 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2019-02-17 21:50 - 2018-05-20 20:36 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache
2019-02-17 18:27 - 2015-10-27 13:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-17 18:26 - 2018-04-12 10:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-17 00:07 - 2018-07-21 23:57 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-16 20:06 - 2018-04-12 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-16 14:39 - 2016-09-01 03:53 - 000000000 ____D C:\AdwCleaner
2019-02-16 03:58 - 2017-12-19 09:52 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2019-02-16 03:48 - 2015-12-07 13:19 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 22:20 - 2018-11-26 14:20 - 000000000 ____D C:\Users\Rick\AppData\Local\Ashampoo
2019-02-15 22:20 - 2016-06-19 21:41 - 000000000 ____D C:\ProgramData\Ashampoo
2019-02-15 22:20 - 2016-05-22 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-02-15 22:19 - 2016-05-22 19:18 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2019-02-15 17:32 - 2017-09-29 19:08 - 000000000 ____D C:\Program Files\rempl
2019-02-15 02:04 - 2015-12-24 01:02 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2019-02-14 14:24 - 2018-05-16 17:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-14 14:16 - 2014-06-14 15:50 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Temp
2019-02-14 00:15 - 2018-05-16 17:40 - 005435112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 17:48 - 2018-04-12 10:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 17:41 - 2015-10-27 12:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 17:38 - 2015-10-27 12:47 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 15:56 - 2018-07-05 15:29 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss
2019-02-13 15:49 - 2014-11-10 23:43 - 000000000 ____D C:\Users\Rick\Documents\liteCam
2019-02-13 15:48 - 2015-12-05 02:17 - 000025088 _____ C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-13 05:16 - 2018-05-16 17:55 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-13 04:24 - 2018-05-16 17:55 - 000004566 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 03:58 - 2018-09-08 04:26 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2019-02-11 03:02 - 2018-05-16 17:55 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1630993411-145381888-747447847-1001
2019-02-11 03:02 - 2018-05-16 17:45 - 000002364 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 03:02 - 2014-07-26 03:23 - 000000000 __RDO C:\Users\Rick\OneDrive
2019-02-10 22:20 - 2018-04-12 20:18 - 000000000 ____D C:\WINDOWS\OCR
2019-02-09 19:00 - 2015-11-04 15:07 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-02-09 18:46 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-08 17:52 - 2018-07-11 14:28 - 000000000 ____D C:\ProgramData\Packages
2019-02-06 21:23 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-05 15:02 - 2018-08-12 03:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-04 21:38 - 2015-11-04 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-04 21:37 - 2015-11-04 15:09 - 000000000 ____D C:\Program Files\Canon
2019-02-03 09:53 - 2018-11-14 23:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 09:53 - 2018-11-14 23:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 21:24 - 2015-10-27 12:04 - 000000000 ____D C:\ProgramData\FLEXnet
2019-01-29 14:16 - 2015-12-03 14:38 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software
2019-01-24 22:01 - 2017-10-21 20:06 - 000000000 ____D C:\ProgramData\Corel
2019-01-24 19:55 - 2015-10-28 00:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-23 19:13 - 2014-01-07 06:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2016-05-21 15:20 - 2018-09-18 18:43 - 000013531 _____ () C:\Users\Rick\AppData\Roaming\event.log
2015-12-05 02:17 - 2019-02-13 15:48 - 000025088 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-22 18:55 - 2018-09-22 18:55 - 000000000 _____ () C:\Users\Rick\AppData\Local\oobelibMkey.log
2015-11-17 17:18 - 2015-11-17 17:18 - 000000000 _____ () C:\Users\Rick\AppData\Local\{33487DA2-1ED6-4DAD-A40C-AB6B7AA40B7E}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-16 17:40
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.02.2019
Ran by Rick (20-02-2019 15:43:01)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-16 07:16:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1630993411-145381888-747447847-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1630993411-145381888-747447847-503 - Limited - Disabled)
Guest (S-1-5-21-1630993411-145381888-747447847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1630993411-145381888-747447847-1003 - Limited - Enabled)
Rick (S-1-5-21-1630993411-145381888-747447847-1001 - Administrator - Enabled) => C:\Users\Rick
WDAGUtilityAccount (S-1-5-21-1630993411-145381888-747447847-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Shadow 2.0 (HKLM\...\3D Shadow_is1) (Version: 2.0 - Lokas Software)
5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.1 - DearMob, Inc.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
ADAudit Plus (HKLM-x32\...\{B4E87CC6-F195-4CFE-92A2-8439FC3716C9}) (Version: 4.6.0 - ZOHO Corp)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version:  - AnalogX)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio 2019 (HKLM-x32\...\{91B33C97-293D-A984-2057-76661C44CB0E}_is1) (Version: 1.20.0 - Ashampoo GmbH & Co. KG)
Ashampoo Cover Studio 2017 (HKLM-x32\...\{91B33C97-6D7D-102A-7711-56C011AFB81B}_is1) (Version: 3.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu v.1.0.5 (HKLM-x32\...\{91B33C97-FD41-09C7-0F51-78F94C35D772}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
Avanquest Message (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software)
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
BenVista PhotoZoom Classic 6.1 (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\PhotoZoom Classic 6) (Version: 6.1 - BenVista Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
CODIJY Pro version 3.6.1 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.6.1 - CODIJY)
CoffeeCup Free Zip Wizard (HKLM-x32\...\CoffeeCup Free Zip Wizard) (Version:  - CoffeeCup Software)
ColorMunki Smile (HKLM-x32\...\ColorMunki Smile_is1) (Version:  - X-Rite)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version: 3.39 - NCH Software)
Dolphin Pod 0.3 (HKLM-x32\...\Dolphin Pod_is1) (Version:  - )
DVD-Cloner V9.60 Build 1114 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.60.0.1114 - OpenCloner Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.22) (Version: 9.22 - Artifex Software Inc.)
Grant Digital (HKLM-x32\...\{ED4830CC-FB1B-4E51-9ED3-0FCC97758D1D}) (Version:  - )
HAL 9000 [Console] Basic Screen Saver (HKLM-x32\...\HAL 9000 [Console] Basic) (Version:  - )
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
ImageMixer VCD2 for FinePix (HKLM-x32\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version:  - )
InCD EasyWrite Reader (HKLM-x32\...\MRW!UninstallKey) (Version:  - )
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.09.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.03.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LicenseCrawler version 1.25 build-298 (HKLM-x32\...\{12151216-3E3F-4118-AE95-49C39F1D7EA2}_is1) (Version: 1.25 build-298 - Martin Klinzmann)
liteCam HD (HKLM-x32\...\{4926737D-839C-430F-805F-28C7EF86A432}) (Version: 4.95.0000 - RSUPPORT)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{08B0BEF7-A098-4A77-B132-8702E9F43682}) (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version:  - )
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{386881cc-7635-4ec3-aaf3-e28904b27a28}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Photo Noir (HKLM-x32\...\Movavi Photo Noir) (Version: 1.0.1 - Movavi)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
My Lockbox 2.8.2 (HKLM\...\My Lockbox_is1) (Version: 2.8.2 - )
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Nero Prerequisite Installer 7.0 (HKLM-x32\...\{20A619F0-E309-4434-A7ED-C270759803AA}) (Version: 19.0.00000 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.6.0.280 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PcCloneEX (HKLM-x32\...\PcCloneEX) (Version:  - )
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PicaView32 (HKLM-x32\...\PicaView32) (Version:  - )
Plantraco FMS Model Installer (HKLM-x32\...\{002D2C86-303B-4146-A3F6-8F0BA5A93F11}) (Version: 1.0.5 - Plantraco)
PowerPoint CD-ROM Wizard (HKLM-x32\...\PowerPoint CD-ROM Wizard) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
RAW FILE CONVERTER LE (HKLM-x32\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Rays (HKLM\...\Digital Film Tools-Rays 1.0) (Version: 1.0 - Digital Film Tools)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
stashimi (HKLM-x32\...\{9E0284FD-B627-42AC-B17A-99930793A9E5}) (Version: 12.1.9800.0 - Audials AG)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UPSmart version 1.5 (HKLM-x32\...\UPSmart_is1) (Version: 1.5 - Guangdong IDBK software technology Inc)
UPSmart2000R 1.9( Build 110621 ) (HKLM-x32\...\UPSmart2000R_is1) (Version: 1.9 - )
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.8.1.8 - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.40 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)
Zipware (HKLM-x32\...\{978B4C17-660C-4521-A024-0E4311DF0192}) (Version: 1.2.0 - Bazwise)
百度网盘 (HKLM-x32\...\百度云管家) (Version: 6.2.4 - 百度在线网络技术(北京)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1630993411-145381888-747447847-1001_Classes\CLSID\{F692AFB9-21F4-EE57-7255-CA9A52655345}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers1-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32: [ccZipWizDll] -> {FFEAB400-3031-11D5-B653-0050BAD1A371} => C:\Program Files (x86)\CoffeeCup Software\FreeZip\cczipdll.dll [2001-04-14] (CoffeeCup Software)
ContextMenuHandlers1-x32-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1-x32-x32: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1-x32-x32-x32: [PicaView32] -> {68f32140-2ca3-11d0-acc1-444553540000} => C:\Program Files (x86)\PICAVI~1\PicaView.dll -> No File
ContextMenuHandlers1-x32-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AA0B89D-FC57-489F-96C8-1B2409FEE784} - System32\Tasks\GoogleUpdateTaskMachineUA1d1b3309bb50295 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2D578C79-C768-4973-B599-3C6085E828CF} - System32\Tasks\CareCenter\Spotify Web Helper_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
Task: {2F1171C8-8F99-40CC-85F0-6C02351FE0A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {32DD3A34-10B3-4BBF-A519-BEB19B897897} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {42F19B06-23B5-4258-97F9-B82DE655E4B4} - System32\Tasks\Abelssoft\Abelssoft Abelssoft File Organizer_117 => C:\Program Files (x86)\Abelssoft File Organizer\AbLauncher.exe
Task: {43D3296B-AFF6-4CEA-8929-E06F9706C0E7} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4480CF55-9C9D-4E42-9EC6-DFAAFE16C986} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4733B00B-CD56-4474-A8DE-87A80D8827A1} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4B03C7D4-4B11-44CA-A80A-B5B346229A13} - System32\Tasks\{6C49A8F2-4C8C-449C-BBB9-6F0A12CEE1BC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Rick\Desktop\Navy\New folder\freezip.exe" -d "C:\Users\Rick\Desktop\Navy\New folder"
Task: {4FC8428F-A07A-49DE-9BEC-2A26C04F5344} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {51BB7444-0E84-4A99-82D0-B4AC2B2C19EC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5DDA4DFC-3179-4CFB-BF12-D63DB742015B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {674997DC-07F8-4B9B-B01B-5E2BBD94FD74} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {67DDF01E-9BE3-4F75-BAF1-E7E0C253CA0E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A6745C1-3B55-430B-8821-1A00BBD3E284} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.3.21\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {6D727AAB-CD0C-46F6-B520-A3EF4CB701A9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe (X-Rite Incorporated -> X-Rite Inc.)
Task: {6F83278E-0757-4266-A13E-BE4996F1E4DB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {729A2C47-8797-48E8-B494-6C733C3442A5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {7A383737-2EC7-41EF-8D24-E7E745A1D810} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7D0B6B5E-862D-4708-9F10-00EEC5698842} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8258A44C-AF33-4AF8-BB6E-4FB3D00F296A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {891D978B-CC83-4DC0-8B35-E6BF65228EEA} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {A1B092F4-BB88-4842-B834-A63F5135FFF8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\inPixio\InPixio Photo Clip 8 Demo\InPixioPhotoClip8.exe
Task: {A906909E-1638-427D-9571-0BAF4C968473} - System32\Tasks\CareCenter\ABBYY Screenshot Reader Bonus_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
Task: {AB2F7DE3-5D2C-4EBD-917F-F7A9CF634C23} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {B06FF82D-8BE6-4633-8D8D-C82D3162FB4B} - System32\Tasks\CareCenter\OneNote 2010 Screen Clipper and Launcher.lnk_FolderAppdata_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {B59C37AA-5BDE-49D7-A3F6-2683D4B25389} - System32\Tasks\CareCenter\CanonQuickMenu_Reg_HKLMWow6432Run => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.)
Task: {C7F54203-607F-41C8-9FD0-B0DF4DF5B24A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b3309b3906f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D7569C8C-3763-4460-923B-DECB9FBC73A2} - System32\Tasks\S-1-5-21-1630993411-145381888-747447847-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F17E0D40-D4EB-4086-B5DE-B7650AA84A4C} - System32\Tasks\CareCenter\OfficeSyncProcess_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {F89E8CF7-22D1-4BFC-8312-96F0FF6CA68A} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Rick\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 10:34 - 2018-04-12 10:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2016-10-02 22:04 - 2016-12-30 00:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 13:26 - 2018-11-09 13:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2014-01-07 06:48 - 2013-07-30 18:11 - 000110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2019-02-13 17:42 - 2019-02-06 13:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-08 17:50 - 2019-02-08 17:51 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-08 17:50 - 2019-02-08 17:50 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-09 15:33 - 2018-10-09 15:33 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 18:36 - 2018-11-29 18:36 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2019-02-15 22:22 - 2019-02-15 22:22 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-15 22:22 - 2019-02-15 22:22 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2016-12-22 13:55 - 2016-08-18 07:50 - 002365920 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
2017-10-04 14:06 - 2009-06-26 15:25 - 000356352 _____ () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
2019-02-04 21:43 - 2019-02-04 21:43 - 000059376 _____ () C:\Program Files\CCleaner\branding.dll
2019-02-12 15:24 - 2019-02-12 15:24 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll
2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 044202496 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\Prism.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000898560 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\libxml2.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 003449344 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\CxF2_VC90MD_2.1.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000073728 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\zlib1.dll
2017-10-04 14:06 - 2009-07-22 16:58 - 000258048 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-04 18:36 - 2015-11-04 18:36 - 000149720 _____ () C:\Program Files (x86)\Acer\abDocs Office AddIn\AcerWordAddin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2016-08-08 15:27 - 000000855 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Acer\Remote Files\;C:\Program Files (x86)\Common Files\ACD Systems\EN\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\Documents\My Documents\Spare Icons\1\Photos 2\Wallpaper\BingWallpaper-2018-06-18.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: L4301_Solar => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\StartupFolder: => "PC Clone EX.LNK"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "mylbx"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "ShaPlus Bandwidth Meter"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "ABBYY Screenshot Reader Bonus"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Avanquest Message"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "5KPlayer"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Bonus.SSR.FR14"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "UPSmart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0955A86A-2ED8-4E39-9329-0F2A2ABC8744}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{50143828-261D-4073-AE7B-F625BD9012A6}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{484F38D2-32FC-4FDC-9DC2-4DDEC02F66AA}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{7DC0C804-70DF-424D-BD87-6AD435A39C3E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{EE5AF3DE-39B7-4032-8B82-A7DAC76C73CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{8A6A80A5-8488-4639-AC02-0D10F3BA96E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{2D90616E-620B-4704-9FE2-188396CD332B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{897B1F29-60CF-4AFC-BA04-3BE54DA11E35}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAE71AF6-7F25-4423-B1CA-E5D4C25A24BE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61F70EAE-A460-45BD-AC7D-542ED2A34FE7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1B8424F-3F40-4F51-AAE7-B0433B25D790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{4C4AC1DC-3879-41DD-8E1A-9C8709745E01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{E006BC02-43B3-41A1-BA28-2D78FAC1E58C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{AC8334EF-1EBF-46D6-942D-E6645FDF3A02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{6F2575DD-8B74-452A-A869-F3220637BA29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{AA1F52B4-5D29-4263-983C-F171A36DD445}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{59A244B5-FD13-4CE9-B7BB-434E9B1CCB5C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{D0C095EF-62FB-4836-AF9E-09BBCCEDD3B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{15937FE9-6B7C-4F06-A3AA-09E4142B19F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BC6340C9-1AAA-4B4A-884F-33EE6946AD08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{710A0316-D030-4762-A753-884D9F048C01}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0A791055-516F-4ABF-9CC0-7C60F8E04AE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{7F9D5A5D-3277-4778-8DB6-43DE68F0F1F9}] => (Allow) C:\Program Files (x86)\stashimi\stashimi 12\Audials.exe (Audials AG -> Audials AG)
FirewallRules: [{3FCCCE94-DC9B-4961-990D-F763B5CDF777}] => (Allow) LPort=12972
FirewallRules: [{A5D845CB-23BA-4445-A24C-FE60495D37E4}] => (Allow) LPort=14714
FirewallRules: [{8007E4CA-A8D1-4C1F-9DEF-791B533C01DD}] => (Allow) LPort=31931
FirewallRules: [{49A38E7F-03A1-41A9-A70D-136BE1A71605}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{C9CC69B5-59D1-4B62-96C1-F3C853B80215}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{07755194-8ABB-4D57-8FE9-F2D7E9E1CE0C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{3753B8A7-C901-420F-B35E-E695CFA30C26}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{C61BECE5-79BF-4348-A2BC-E705831F4572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{4AAF9233-4763-4545-9569-3A432271E7DE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{6D3F7FC8-EAB4-47B8-B745-80245527CD1D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{09FF3557-254C-4CA3-8034-4F22E5DEFF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FED014A0-63EE-45F5-8B26-CD012D2DDCA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52A5CACB-9FCD-4682-92EB-655F401BE9AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{6B512EC7-1C9A-4DD0-B90B-F3260D3426ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{11764031-4EC4-46FD-BF07-045402D5F92D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1033ED95-03C5-49BE-AED3-8A0CACCA4B07}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{E6B331CE-C73A-4EF3-8F2D-4E023D1C4A1F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{F5BB788E-DF73-4CCF-A918-C717FFBEFB6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{32469169-AA4A-45EB-ACB1-CE527B05773B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{38363DE5-0DF2-4D82-91E0-FA87882BB990}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{BFA0A2B0-62A9-40BA-B6EB-36ED5C0698EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3503228D-7DAD-4A19-8D18-181F6D555EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33E3A89D-8087-4EE4-B24A-8A9AD592F383}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EEFCB46-7766-49B8-8658-0795DC9BFDF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB345A0B-5CFD-4DA3-8DF8-533AF5BBCAC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD99BF21-82FD-4F96-8C8E-9C395773199D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32DA455E-E9CB-46B6-A5BA-4D85A2D09E33}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{BF17EB2F-6735-44B1-B7B8-DF2AF8D34021}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{E25F5355-6388-4598-B2A9-B2C64F9CFE62}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{20E6D3A9-4BD0-40A4-9A38-2C32477831DA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{2F288AEC-36A5-410F-845A-FDBC12DB8DE1}] => (Allow) LPort=5454
FirewallRules: [{81821348-98D7-44C8-BA48-72A6A06ED2EA}] => (Allow) LPort=5454
FirewallRules: [{A4A4AE44-7EC8-455B-A560-BD6C2CB6DA66}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{51D22DDC-5C82-4E23-8274-257254BF729E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{35F70A29-BE37-4140-977B-FA4726385DF0}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{63EFCE3B-EFFE-4686-BD84-4E8318A16A87}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{1051BA62-C267-4506-8C21-30088E14074C}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F614331A-D0D5-4542-B9A9-DA557EE0D6C6}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F0295F0F-85D4-4554-B3AF-893FB77414B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{8A1B1CB5-E93D-4CE5-BD55-93384AAD9EF1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{68FD5875-AB16-4B73-866E-0FDAA21B88F4}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [UDP Query User{F5A1BA6C-C456-4E11-9357-B01CF09840BC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{306B9756-D585-4046-85CB-5779A0470EC4}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{A710A770-E3F8-422A-87D7-2BADDBB83176}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [TCP Query User{E0311600-CFE6-4EE0-9FE4-5F080D548139}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [UDP Query User{7372B4B5-E4B1-40DF-AAAB-591E3BED6389}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [{12C793FA-308C-483E-A837-D55A23A9B9E0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C74F49EA-15F3-4ACA-8D9D-E1F65FF23CE5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7DC66632-EE26-4ACB-BF46-A41F6ED806C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBC7321D-2567-4F07-BBDF-C0EED41F366B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CE1E5A85-3049-4129-842C-D4925CB80336}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
11-02-2019 12:58:33 Scheduled Checkpoint
15-02-2019 17:31:33 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/20/2019 03:10:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/20/2019 03:09:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {49e97ba9-3808-4cbc-a5c7-6ec85a0be7e4}
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/19/2019 06:34:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
 
System errors:
=============
Error: (02/20/2019 03:33:02 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:31:55 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:19:36 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:14:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:13:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:13:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/20/2019 03:12:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/20/2019 03:12:20 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
CodeIntegrity:
===================================
 
Date: 2019-01-23 05:22:38.485
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.458
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.405
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 8125.09 MB
Available physical RAM: 5183.94 MB
Total Virtual: 16317.09 MB
Available Virtual: 13499.52 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:457.31 GB) (Free:382.22 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.31 GB) (Free:457.12 GB) NTFS
 
\\?\Volume{b096842d-7d80-4c4a-8eb4-e5827b8055db}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{f6bcedad-eb04-46fa-b9ae-76917f8a3f45}\ (Push Button Reset) (Fixed) (Total:16.08 GB) (Free:1.17 GB) NTFS
\\?\Volume{dab56a16-f60a-48f0-ab2f-c837a014a40d}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3456572E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#25
Joeicam

    Malware Removal

  • 1,289 posts

Hi Rickles,

 

I have noticed that when I right click a folder the Chinese script no longer appears.
That's great news! Looks like the fixes did a good job :)
 
Step 1 of 1: ESET Online Scanner
You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.
 
NOTE: Right-click on your web browser icon and select Run as Administrator from the context menu.
  • Please go here to run the scan by clicking "SCAN NOW" under ESET Online Scanner
  • Then in the lower left-hand corner of the browser window click on esetonlinescanner.exe
  • In the new window that appears select "Run", and then the option Get Started, and if it asks, accept the Terms of Use (if you get a prompt asking if you want this program to make changes to your computer, select Yes)
  • In the new window that appears select the option Get Started
  • Click on "Computer scan", if asked if you want it to make changes, select "Yes"
  • Click on "Full Scan"
  • Now select "Enable ESET to detect and quarantine potentially unwanted applications"
  • The Module updates... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. 
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall. 
  • The scan will finish, now click on "View detailed results", and click on "Save scan log". Save the log to the Desktop
  • Go back to the application window and click on "Continue" until you get to the page with "CLOSE" on it, and ensure the box with "Delete application data on closing" is checked, then click on "Close".
  • Copy/paste the log you saved to your Desktop in your next reply
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the log.txt log, generated by the ESET scan.
 
 



#26
Rickles

  • Topic Starter
  • Member
  • 629 posts

Hi Joe,

 

I followed your instructions and the Log is added below.

 

I only had one minor problem:

 

To get the browser, Chrome, to Run as Administrator, I had to go to C:\Program Files (x86)\Google\Chrome\Application and I right-clicked the icon there and then clicked on Run as Administrator.

 

It did take some time to run but that I expected. Regards.

 

23/02/2019 2:26:32 AM

Files scanned: 425028
Infected files: 0
Cleaned threats: 0
Total scan time: 02:16:02
Scan status: Finished


#27
Joeicam


  • Malware Removal
  • 1,289 posts
Hi Rickles, yep that's to be expected. ESET is a very thorough tool. Before we start cleaning things up, how is your machine performing?

#28
Rickles

  • Topic Starter
  • Member
  • 629 posts

Hi Joe,

 

The computer is working very well and it is better now that those pop up messages have gone.

 

Regards



#29
Joeicam


  • Malware Removal
  • 1,289 posts
Hi Rickles,
 
The computer is working very well and it is better now that those pop up messages have gone.
That's great! Let's clean up :). And I apologize for the delay. I was in a ski race yesterday! Whoop. 
 
Well done! Your computer is clean and is ready to be used again :). All of the bad guys have been removed, but please take the time to follow these last steps to clean up the tools we've used throughout the process. It was my pleasure helping you.
 
Now that we are at the end of the disinfection process, the tools that we utilized can now be removed from your machine, since they won't be used again (we hope!). If they need to be, then the most updated versions should be downloaded at that time.
 
Step 1 of 4: Removing Disinfection Tools with Delfix
 
This step cleans up the tools we were utilizing and creates a new restore point. 
 
1. Download Delfix by Xplode from here
2. Ensure Remove disinfection tools is ticked
Also tick:
  • Create registry backup
  • Purge system restore
3. Click Run
 
The program will run for a few moments and then notepad will open with a log. Please copy and paste the log in your next reply.
 
Step 2 of 4: Malwarebytes
 
As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.
 
The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Consider purchasing the full version for active threat monitoring.
 
Step 3 of 4: Filehippo Updatechecker (Optional)
 
Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.
 
Keep Applications Updated using FileHippo
1. Navigate to this website
2. Click on the green "Download This Version" on the right
3. Click on the downloaded file entitled, "AppManagerSetup_1.47"
4. Follow the on-screen instructions
Once installed, FileHippo will prompt you if any updates are available for the applications you currently have installed.
 
Step 4 of 4: Installation of Unchecky (Optional)
 
This is a good program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the Download button in the middle of the screen
  • Click Save
  • Once downloaded, right-click the program and select "Run as Administrator"
  • Once open, click the Install button
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the Delfix log file
 
 
 


#30
Rickles

  • Topic Starter
  • Member
  • 629 posts

Hi Joe,

 

Instructions followed and Log included.

 

Filehippo and Unchecky downloaded and will be installed.

 

Malwarebytes has been installed for some time now. It was recommended the last time I had to call for help. It is a fully paid up current version.

 

I thank you for your help and time, you guys do a good job and it is a comfort to know that you are out there. Regards

 

 

# DelFix v1.013 - Logfile created 26/02/2019 at 21:26:55
# Updated 17/04/2016 by Xplode
# Username : Rick - HALPC
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #63 [Windows Update | 02/15/2019 06:31:33]
Deleted : RP #66 [Scheduled Checkpoint | 02/23/2019 12:35:46]
 
New restore point created !
 
########## - EOF - ##########

 

