Pop up message



#1
Rickles

  • Member
  • 532 posts

Hi

 

I keep getting this message and it is driving me nuts.

 

Is it harmful and can I stop it popping up?

 

Regards


Edited by Joeicam, 14 February 2019 - 07:39 PM.
Removed attachment


#2
Joeicam

  • Malware Removal
  • 1,282 posts
Hello Rickles, and welcome to Geeks to Go.
 
My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.
 
Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem. 
 
If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.
 
Before we begin, please familiarize yourself with the following:
  • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
  • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
  • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
  • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
 
Finally
  • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
  • You must reply to this post within four days; if you do not, the topic will be closed.
  • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.
 
If I have not responded to your post within 24 hours, then send me a private message (PM).
Otherwise, all communication is done in the forums.
 
Let's get to work! :)
 
____________________________________________________________________________________________________
 
The fixes presented are specific to your problem and should only be used for the issue on this machine!
____________________________________________________________________________________________________
 

Step 1 of 1: FRST Download/Scan
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Note: If your browser warns you about FRST not being safe, you can rest assured, as FRST is 100% safe.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the FRST.txt and Addition.txt
 
 


#3
Rickles

  • Topic Starter
  • Member
  • 532 posts

 Hi Joeicam,

 

Welcome to the Geeks!

 

There may be a slight delay in my replies as well because I live in Australia.

 

Over the years I have had a few hiccups with the computer but you guys soon fixed the problem.

 

So to work: I downloaded FRST64 but I had to switch off the Anti-virus program first to get it to run.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01

Ran by Rick (administrator) on HALPC (11-02-2019 14:08:52)
Running from C:\Users\Rick\Desktop
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
() C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2143552 2012-03-21] (FSPro Labs -> FSPro Labs)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-11-23] (Acer Incorporated -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497640 2017-02-20] (AVANQUEST S.A. -> Avanquest Software)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [29318088 2018-06-20] (Digiarty, Inc. -> DearMob)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Bonus.SSR.FR14] => "C:\Program Files (x86)\ABBYY FineReader 14\ScreenshotReader.exe" /autorun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunGuanjia] => "C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunDetect] => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1127448 2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [SurfEasy] => C:\Program Files (x86)\Norton WiFi Privacy\client\Norton WiFi Privacy.exe startup
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Deskpecker] => C:\Program Files (x86)\Zamaan's Software\Deskpecker 1.0\deskpecker.exe
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [UPSmart] => C:\Program Files (x86)\IDBK\UPSmart\UPSmart.exe [4472320 2015-04-10] ()
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc -> Google Inc.)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "G:\HPLauncher.exe" 
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DOLPHI~1.SCR [275931 2005-05-16] ()
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [vidc.rscc] => C:\Windows\system32\rscc.dll [836096 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.rscc] => C:\Windows\SysWOW64\rscc.dll [671744 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Smile Tray.lnk [2017-02-17]
ShortcutTarget: ColorMunki Smile Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk [2017-10-04]
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-07-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{700625b6-a397-4ec9-928e-f5e2582bcb2a}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {2EE8CAB0-3292-4D28-A7B7-2A77AFAA1ACE} URL = 
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {6BF85770-390E-4771-8FDF-86EA5796A242} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}&meta=cr%3DcountryAU
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {C7C07245-7FB2-48A9-85DE-F1A2B330DC1D} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF DefaultProfile: zv9a8e0y.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default [2019-02-11]
FF Homepage: Mozilla\Firefox\Profiles\zv9a8e0y.default -> hxxps://www.google.com.au/?gws_rd=ssl|hxxps://www.google.com.au/?gws_rd=ssl|about:preferences
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\nortonsafesearch_ul[email protected] [2018-11-22]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Safe Preview) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2016-06-08] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-05-01] ()
FF Plugin HKU\S-1-5-21-1630993411-145381888-747447847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-19] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?cr=countryAU&tbs=ctr:countryAU"
CHR NewTab: Default ->  Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-11]
CHR Extension: (Google Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-27]
CHR Extension: (Logitech Unifying for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agpmgihmmmfkbhckmciedmhincdggomo [2015-10-27]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-27]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-07]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-12-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-12-07]
CHR Extension: (Google Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-06]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-10-27]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2019-02-11]
CHR Extension: (Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-02-02]
CHR Extension: (Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Flash Player) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2018-10-30]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-09-26]
CHR Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-11-16]
CHR Extension: (Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-08]
CHR Extension: (Skype) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-26]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2018-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-17]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-11]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1630993411-145381888-747447847-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated -> Acer Incorporated)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-13] (Symantec Corporation -> Symantec Corporation)
S2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-13] (Symantec Corporation -> Symantec Corporation)
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 378634B9; C:\WINDOWS\System32\drivers\378634B9.sys [478392 2016-09-13] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20190206.001\BHDrvx64.sys [1925104 2018-09-20] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-05] (Symantec Corporation -> Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-07] (Symantec Corporation -> Symantec Corporation)
S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-01-07] (X-Rite Incorporated -> GretagMacbeth LLC)
R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs -> FSPro Labs)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20190208.061\IDSvia64.sys [1424904 2019-01-23] (Symantec Corporation -> Symantec Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
U5 NortonSecureVPN; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
S3 npf; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-07-17] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaewu.inf_amd64_8baa9d083edacf87\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor corp)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-15] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.12.0.104\SymPlatform\SymEvnt.sys [678616 2019-02-02] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-10-13] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-11 14:08 - 2019-02-11 14:10 - 000037878 _____ C:\Users\Rick\Desktop\FRST.txt
2019-02-11 14:08 - 2019-02-11 14:08 - 000000000 ____D C:\FRST
2019-02-11 14:06 - 2019-02-11 14:06 - 002434048 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
2019-02-11 03:21 - 2019-02-11 03:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-09 12:08 - 2019-02-09 12:08 - 000000000 ____D C:\Users\Rick\AppData\Local\AOP SDK
2019-02-09 02:12 - 2019-02-09 02:19 - 000000000 ____D C:\Users\Rick\AppData\Local\Adobe
2019-02-04 21:38 - 2019-02-09 18:26 - 000000000 ____D C:\Users\Rick\AppData\Local\Canon Easy-PhotoPrint EX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonEPP
2019-01-31 21:54 - 2019-01-31 22:03 - 000000000 ____D C:\Program Files\PortraitPro 18 Trial
2019-01-29 14:15 - 2019-01-29 14:15 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disketch Disc Label Software.lnk
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-01-27 22:32 - 2017-03-02 02:47 - 000000055 _____ C:\Users\Rick\Desktop\Ann and Les Gunn (2).txt
2019-01-21 18:35 - 2019-01-21 18:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CDROLLER
2019-01-19 16:40 - 2019-01-19 16:40 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Oracle
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-11 14:04 - 2018-04-12 10:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-11 13:24 - 2018-05-16 17:55 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FED51AC-BB0D-4BEE-9687-B54D279E2473}
2019-02-11 13:10 - 2018-05-16 17:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-11 12:57 - 2018-10-10 22:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-02-11 03:02 - 2018-05-16 17:55 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1630993411-145381888-747447847-1001
2019-02-11 03:02 - 2018-05-16 17:45 - 000002364 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 03:02 - 2014-07-26 03:23 - 000000000 __RDO C:\Users\Rick\OneDrive
2019-02-10 22:21 - 2018-04-12 10:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-10 22:20 - 2018-04-12 20:18 - 000000000 ____D C:\WINDOWS\OCR
2019-02-10 21:07 - 2017-12-19 09:52 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2019-02-10 19:16 - 2016-09-26 02:11 - 000000000 ____D C:\Users\Rick\AppData\Local\File Viewer Plus
2019-02-10 18:03 - 2015-10-27 11:17 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Adobe
2019-02-10 15:29 - 2018-04-12 10:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-10 15:29 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-09 19:00 - 2015-11-04 15:07 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-02-09 18:46 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-08 17:52 - 2018-07-11 14:28 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 17:44 - 2018-04-12 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-08 17:43 - 2018-05-16 17:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-08 17:43 - 2016-10-02 22:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-08 17:42 - 2018-12-07 22:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-08 17:42 - 2018-04-12 08:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-08 05:02 - 2018-07-06 22:18 - 000000000 ____D C:\Users\Rick\AppData\Roaming\5KPlayer
2019-02-07 22:29 - 2017-01-03 14:17 - 000000000 ___RD C:\Users\Rick\Downloads\DeviceDoctor.Opener_mkdtfchztkfbm!App
2019-02-07 01:15 - 2018-09-25 22:11 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-06 21:23 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-06 21:23 - 2015-10-28 00:56 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2019-02-06 21:22 - 2018-05-20 20:36 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache
2019-02-05 15:02 - 2018-08-12 03:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-04 21:38 - 2015-11-04 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-04 21:37 - 2015-11-04 15:09 - 000000000 ____D C:\Program Files\Canon
2019-01-30 21:24 - 2015-10-27 12:04 - 000000000 ____D C:\ProgramData\FLEXnet
2019-01-29 14:16 - 2015-12-03 14:38 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software
2019-01-28 15:06 - 2015-12-24 01:02 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2019-01-24 22:01 - 2017-10-21 20:06 - 000000000 ____D C:\ProgramData\Corel
2019-01-24 19:55 - 2015-10-28 00:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-23 19:13 - 2014-01-07 06:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-21 18:47 - 2018-07-05 15:29 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss
2019-01-20 04:46 - 2018-05-16 17:45 - 000000000 ____D C:\Users\Rick
2019-01-19 16:41 - 2018-11-10 15:29 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-01-19 16:41 - 2018-11-10 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-19 16:41 - 2018-11-10 15:28 - 000000000 ____D C:\Program Files\Java
2019-01-18 15:51 - 2017-09-29 19:08 - 000000000 ____D C:\Program Files\rempl
2019-01-15 17:23 - 2017-12-12 03:40 - 000000000 ____D C:\Users\Rick\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories =======
 
2016-05-21 15:20 - 2018-09-18 18:43 - 000013531 _____ () C:\Users\Rick\AppData\Roaming\event.log
2015-12-05 02:17 - 2019-01-10 12:46 - 000025088 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-22 18:55 - 2018-09-22 18:55 - 000000000 _____ () C:\Users\Rick\AppData\Local\oobelibMkey.log
2015-11-17 17:18 - 2015-11-17 17:18 - 000000000 _____ () C:\Users\Rick\AppData\Local\{33487DA2-1ED6-4DAD-A40C-AB6B7AA40B7E}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-16 17:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Rick (11-02-2019 14:10:37)
Running from C:\Users\Rick\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-05-16 07:16:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1630993411-145381888-747447847-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1630993411-145381888-747447847-503 - Limited - Disabled)
Guest (S-1-5-21-1630993411-145381888-747447847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1630993411-145381888-747447847-1003 - Limited - Enabled)
Rick (S-1-5-21-1630993411-145381888-747447847-1001 - Administrator - Enabled) => C:\Users\Rick
WDAGUtilityAccount (S-1-5-21-1630993411-145381888-747447847-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Shadow 2.0 (HKLM\...\3D Shadow_is1) (Version: 2.0 - Lokas Software)
5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.1 - DearMob, Inc.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
ADAudit Plus (HKLM-x32\...\{B4E87CC6-F195-4CFE-92A2-8439FC3716C9}) (Version: 4.6.0 - ZOHO Corp)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version:  - AnalogX)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Cover Studio 2017 (HKLM-x32\...\{91B33C97-6D7D-102A-7711-56C011AFB81B}_is1) (Version: 3.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu v.1.0.5 (HKLM-x32\...\{91B33C97-FD41-09C7-0F51-78F94C35D772}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
Avanquest Message (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software)
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
BenVista PhotoZoom Classic 6.1 (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\PhotoZoom Classic 6) (Version: 6.1 - BenVista Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
ClipGrab 3.7.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CODIJY Pro version 3.6.1 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.6.1 - CODIJY)
CoffeeCup Free Zip Wizard (HKLM-x32\...\CoffeeCup Free Zip Wizard) (Version:  - CoffeeCup Software)
ColorMunki Smile (HKLM-x32\...\ColorMunki Smile_is1) (Version:  - X-Rite)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version: 3.39 - NCH Software)
Dolphin Pod 0.3 (HKLM-x32\...\Dolphin Pod_is1) (Version:  - )
DVD-Cloner V9.60 Build 1114 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.60.0.1114 - OpenCloner Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.22) (Version: 9.22 - Artifex Software Inc.)
Grant Digital (HKLM-x32\...\{ED4830CC-FB1B-4E51-9ED3-0FCC97758D1D}) (Version:  - )
HAL 9000 [Console] Basic Screen Saver (HKLM-x32\...\HAL 9000 [Console] Basic) (Version:  - )
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
ImageMixer VCD2 for FinePix (HKLM-x32\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version:  - )
InCD EasyWrite Reader (HKLM-x32\...\MRW!UninstallKey) (Version:  - )
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.09.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.03.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LicenseCrawler version 1.25 build-298 (HKLM-x32\...\{12151216-3E3F-4118-AE95-49C39F1D7EA2}_is1) (Version: 1.25 build-298 - Martin Klinzmann)
liteCam HD (HKLM-x32\...\{4926737D-839C-430F-805F-28C7EF86A432}) (Version: 4.95.0000 - RSUPPORT)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{08B0BEF7-A098-4A77-B132-8702E9F43682}) (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{386881cc-7635-4ec3-aaf3-e28904b27a28}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Photo Noir (HKLM-x32\...\Movavi Photo Noir) (Version: 1.0.1 - Movavi)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
My Lockbox 2.8.2 (HKLM\...\My Lockbox_is1) (Version: 2.8.2 - )
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Nero Prerequisite Installer 7.0 (HKLM-x32\...\{20A619F0-E309-4434-A7ED-C270759803AA}) (Version: 19.0.00000 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.6.0.280 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PcCloneEX (HKLM-x32\...\PcCloneEX) (Version:  - )
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PicaView32 (HKLM-x32\...\PicaView32) (Version:  - )
Plantraco FMS Model Installer (HKLM-x32\...\{002D2C86-303B-4146-A3F6-8F0BA5A93F11}) (Version: 1.0.5 - Plantraco)
PowerPoint CD-ROM Wizard (HKLM-x32\...\PowerPoint CD-ROM Wizard) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
RAW FILE CONVERTER LE (HKLM-x32\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Rays (HKLM\...\Digital Film Tools-Rays 1.0) (Version: 1.0 - Digital Film Tools)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
stashimi (HKLM-x32\...\{9E0284FD-B627-42AC-B17A-99930793A9E5}) (Version: 12.1.9800.0 - Audials AG)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UPSmart version 1.5 (HKLM-x32\...\UPSmart_is1) (Version: 1.5 - Guangdong IDBK software technology Inc)
UPSmart2000R 1.9( Build 110621 ) (HKLM-x32\...\UPSmart2000R_is1) (Version: 1.9 - )
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.8.1.8 - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.40 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)
Zipware (HKLM-x32\...\{978B4C17-660C-4521-A024-0E4311DF0192}) (Version: 1.2.0 - Bazwise)
百度网盘 (HKLM-x32\...\百度云管家) (Version: 6.2.4 - 百度在线网络技术(北京)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1630993411-145381888-747447847-1001_Classes\CLSID\{F692AFB9-21F4-EE57-7255-CA9A52655345}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers1-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32: [ccZipWizDll] -> {FFEAB400-3031-11D5-B653-0050BAD1A371} => C:\Program Files (x86)\CoffeeCup Software\FreeZip\cczipdll.dll [2001-04-14] (CoffeeCup Software)
ContextMenuHandlers1-x32-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1-x32-x32: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1-x32-x32-x32: [PicaView32] -> {68f32140-2ca3-11d0-acc1-444553540000} => C:\Program Files (x86)\PICAVI~1\PicaView.dll -> No File
ContextMenuHandlers1-x32-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AA0B89D-FC57-489F-96C8-1B2409FEE784} - System32\Tasks\GoogleUpdateTaskMachineUA1d1b3309bb50295 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {1004BC71-023A-42EE-B7E3-2266D4C30E22} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {1274DA7F-2FBA-4D3E-A882-AF48B5656580} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {13B5D5A4-347E-4D4E-AB1D-67C4A32EBB1F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {13D7D0D3-7FED-4971-BBE4-4AF7BD021B98} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1448C784-DB46-403C-A11D-0E79A6CC2105} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1C55D11E-8A76-4D12-822E-7C861E4EAFEE} - \Hotkey Utility -> No File <==== ATTENTION
Task: {1D532D68-EBDA-4AB1-A9B8-87CA793A7517} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26713E7F-B464-4683-A4FB-10B835C96136} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {2D578C79-C768-4973-B599-3C6085E828CF} - System32\Tasks\CareCenter\Spotify Web Helper_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
Task: {2F1171C8-8F99-40CC-85F0-6C02351FE0A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {32DD3A34-10B3-4BBF-A519-BEB19B897897} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {3500B893-3C7E-4252-9CD6-F225D8995FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {370F6C50-64B5-428F-A436-57E4DD545668} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A27DA1C-9502-425F-85F1-5749FA57DD1B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A961E74-2BF9-45F3-9E92-026C423F7D5F} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {3E2EDD5F-A40C-4301-975D-B0EB9CA9878D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {42F19B06-23B5-4258-97F9-B82DE655E4B4} - System32\Tasks\Abelssoft\Abelssoft Abelssoft File Organizer_117 => C:\Program Files (x86)\Abelssoft File Organizer\AbLauncher.exe
Task: {43D3296B-AFF6-4CEA-8929-E06F9706C0E7} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {462F4A96-D696-4D76-BF02-12C975E6FA0A} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {4733B00B-CD56-4474-A8DE-87A80D8827A1} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4B03C7D4-4B11-44CA-A80A-B5B346229A13} - System32\Tasks\{6C49A8F2-4C8C-449C-BBB9-6F0A12CEE1BC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Rick\Desktop\Navy\New folder\freezip.exe" -d "C:\Users\Rick\Desktop\Navy\New folder"
Task: {4FC8428F-A07A-49DE-9BEC-2A26C04F5344} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {51BB7444-0E84-4A99-82D0-B4AC2B2C19EC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {54B7604B-B5C0-4B3E-9BDD-295C48DDE9CA} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5BE3E582-4091-410F-8E3D-677FD34DE55D} - \ALUAgent -> No File <==== ATTENTION
Task: {5DDA4DFC-3179-4CFB-BF12-D63DB742015B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {6159673D-56B7-476E-B9E4-460156BE868C} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {64619CE8-14F0-4C09-9997-DFCC99EC659C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {674997DC-07F8-4B9B-B01B-5E2BBD94FD74} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {67DDF01E-9BE3-4F75-BAF1-E7E0C253CA0E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6B389CA6-7EFA-4A08-8506-3AB5ACAF066D} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {6D727AAB-CD0C-46F6-B520-A3EF4CB701A9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe (X-Rite Incorporated -> X-Rite Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {6F83278E-0757-4266-A13E-BE4996F1E4DB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {71589EBE-D442-4E36-A068-48662F695D54} - \WPD\SqmUpload_S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {722CE314-92CF-4984-90E1-AC3CC69FDD81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {729A2C47-8797-48E8-B494-6C733C3442A5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {7A383737-2EC7-41EF-8D24-E7E745A1D810} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7B82CDFE-352E-4F8B-ADF4-9FCA7EA75CA1} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {7D0B6B5E-862D-4708-9F10-00EEC5698842} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8258A44C-AF33-4AF8-BB6E-4FB3D00F296A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {84C002CA-5E28-4EE0-BF3C-0991CD937084} - \ALU -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {891D978B-CC83-4DC0-8B35-E6BF65228EEA} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {89892198-957D-4B61-8B9D-397905C7C660} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {92FDDE66-F4A2-4C1D-9E81-9028EE1540B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {949C0124-8938-4990-9356-411FC7F134E9} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {9B105C31-0357-42F9-BDDC-186EC8E2E656} - \Recovery Management\Notification -> No File <==== ATTENTION
Task: {9B26160C-F01F-4C19-9616-5B3CCC4E284F} - \AcerCloud -> No File <==== ATTENTION
Task: {9C8AE078-0A5D-4479-960A-4AFD6D3495B9} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A013865A-AD81-4F74-9E3E-E25657CBFC26} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {A1B092F4-BB88-4842-B834-A63F5135FFF8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\inPixio\InPixio Photo Clip 8 Demo\InPixioPhotoClip8.exe
Task: {A906909E-1638-427D-9571-0BAF4C968473} - System32\Tasks\CareCenter\ABBYY Screenshot Reader Bonus_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
Task: {B06FF82D-8BE6-4633-8D8D-C82D3162FB4B} - System32\Tasks\CareCenter\OneNote 2010 Screen Clipper and Launcher.lnk_FolderAppdata_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {B59C37AA-5BDE-49D7-A3F6-2683D4B25389} - System32\Tasks\CareCenter\CanonQuickMenu_Reg_HKLMWow6432Run => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.)
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C4DFC916-0969-4D6A-8805-B55074477456} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {C7F54203-607F-41C8-9FD0-B0DF4DF5B24A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b3309b3906f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D38EC564-F96E-4085-816F-B705DF66F33C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4621B97-A45F-4AAC-9F03-6C647A4BA2D7} - \abDocsDllLoader -> No File <==== ATTENTION
Task: {D7569C8C-3763-4460-923B-DECB9FBC73A2} - System32\Tasks\S-1-5-21-1630993411-145381888-747447847-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {DE3A41A4-911E-4C19-AE00-4F388118FD61} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E40ADF7D-7684-4045-B8D5-D8F1E9BA6796} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E7033540-5C8A-436C-AB80-99BC82C93CFA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EE99E117-6A18-404B-B6C3-2F135E2F4BDB} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-500 -> No File <==== ATTENTION
Task: {F17E0D40-D4EB-4086-B5DE-B7650AA84A4C} - System32\Tasks\CareCenter\OfficeSyncProcess_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {F89E8CF7-22D1-4BFC-8312-96F0FF6CA68A} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {FF799876-C3F5-48FE-A9B3-80081BD75B37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Rick\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 10:34 - 2018-04-12 10:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2016-10-02 22:04 - 2016-12-30 00:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 13:26 - 2018-11-09 13:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2014-01-07 06:48 - 2013-07-30 18:11 - 000110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2018-08-06 19:33 - 2018-08-06 19:33 - 000291864 _____ () C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll
2019-01-09 16:22 - 2019-01-01 17:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 16:35 - 2018-10-04 16:36 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 21:03 - 2018-12-14 21:03 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-08-06 19:35 - 2018-08-06 19:35 - 001127448 _____ () C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
2016-12-22 13:55 - 2016-08-18 07:50 - 002365920 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
2017-10-04 14:06 - 2009-06-26 15:25 - 000356352 _____ () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
2019-01-02 21:28 - 2019-01-02 21:28 - 000059376 _____ () C:\Program Files\CCleaner\branding.dll
2019-02-02 19:50 - 2019-02-02 21:19 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-02 19:50 - 2019-02-02 21:19 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-12-11 05:06 - 2017-12-11 05:08 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-13 17:07 - 2019-01-13 17:08 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-02 19:50 - 2019-02-02 21:19 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-02-02 19:50 - 2019-02-02 21:19 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-02 19:50 - 2019-02-02 21:19 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-31 23:26 - 2018-08-31 23:26 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 20:33 - 2018-07-26 20:34 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-02 19:50 - 2019-02-02 21:19 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 14:56 - 2018-11-06 14:56 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-12-17 04:41 - 2018-12-12 16:12 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-17 04:41 - 2018-12-12 16:12 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll
2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 044202496 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\Prism.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000898560 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\libxml2.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 003449344 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\CxF2_VC90MD_2.1.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000073728 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\zlib1.dll
2017-10-04 14:06 - 2009-07-22 16:58 - 000258048 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:763FFD2C [268]
AlternateDataStreams: C:\ProgramData\Temp:810B9F0D [286]
AlternateDataStreams: C:\ProgramData\Temp:972E3A44 [127]
AlternateDataStreams: C:\Users\Public\Documents\Digital Film Tools:a157055e-3415-4c7f-9222-94a5d1883e57 [816]
AlternateDataStreams: C:\Users\Rick\AppData\Local\Temp:com.affinity.photo [241]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2016-08-08 15:27 - 000000855 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Acer\Remote Files\;C:\Program Files (x86)\Common Files\ACD Systems\EN\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\Documents\My Documents\Spare Icons\1\Photos 2\Wallpaper\BingWallpaper-2018-06-18.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: L4301_Solar => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\StartupFolder: => "PC Clone EX.LNK"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "mylbx"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "ShaPlus Bandwidth Meter"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "ABBYY Screenshot Reader Bonus"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Avanquest Message"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "5KPlayer"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Bonus.SSR.FR14"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "UPSmart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0955A86A-2ED8-4E39-9329-0F2A2ABC8744}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{50143828-261D-4073-AE7B-F625BD9012A6}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{484F38D2-32FC-4FDC-9DC2-4DDEC02F66AA}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{7DC0C804-70DF-424D-BD87-6AD435A39C3E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{EE5AF3DE-39B7-4032-8B82-A7DAC76C73CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{8A6A80A5-8488-4639-AC02-0D10F3BA96E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{2D90616E-620B-4704-9FE2-188396CD332B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{897B1F29-60CF-4AFC-BA04-3BE54DA11E35}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAE71AF6-7F25-4423-B1CA-E5D4C25A24BE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61F70EAE-A460-45BD-AC7D-542ED2A34FE7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1B8424F-3F40-4F51-AAE7-B0433B25D790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{4C4AC1DC-3879-41DD-8E1A-9C8709745E01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{E006BC02-43B3-41A1-BA28-2D78FAC1E58C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{AC8334EF-1EBF-46D6-942D-E6645FDF3A02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{6F2575DD-8B74-452A-A869-F3220637BA29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{AA1F52B4-5D29-4263-983C-F171A36DD445}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{59A244B5-FD13-4CE9-B7BB-434E9B1CCB5C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{D0C095EF-62FB-4836-AF9E-09BBCCEDD3B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{15937FE9-6B7C-4F06-A3AA-09E4142B19F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BC6340C9-1AAA-4B4A-884F-33EE6946AD08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{710A0316-D030-4762-A753-884D9F048C01}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0A791055-516F-4ABF-9CC0-7C60F8E04AE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{7F9D5A5D-3277-4778-8DB6-43DE68F0F1F9}] => (Allow) C:\Program Files (x86)\stashimi\stashimi 12\Audials.exe (Audials AG -> Audials AG)
FirewallRules: [{3FCCCE94-DC9B-4961-990D-F763B5CDF777}] => (Allow) LPort=12972
FirewallRules: [{A5D845CB-23BA-4445-A24C-FE60495D37E4}] => (Allow) LPort=14714
FirewallRules: [{8007E4CA-A8D1-4C1F-9DEF-791B533C01DD}] => (Allow) LPort=31931
FirewallRules: [{49A38E7F-03A1-41A9-A70D-136BE1A71605}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{C9CC69B5-59D1-4B62-96C1-F3C853B80215}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{07755194-8ABB-4D57-8FE9-F2D7E9E1CE0C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{3753B8A7-C901-420F-B35E-E695CFA30C26}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{C61BECE5-79BF-4348-A2BC-E705831F4572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{4AAF9233-4763-4545-9569-3A432271E7DE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{6D3F7FC8-EAB4-47B8-B745-80245527CD1D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{09FF3557-254C-4CA3-8034-4F22E5DEFF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FED014A0-63EE-45F5-8B26-CD012D2DDCA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52A5CACB-9FCD-4682-92EB-655F401BE9AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{6B512EC7-1C9A-4DD0-B90B-F3260D3426ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{11764031-4EC4-46FD-BF07-045402D5F92D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1033ED95-03C5-49BE-AED3-8A0CACCA4B07}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{E6B331CE-C73A-4EF3-8F2D-4E023D1C4A1F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{F5BB788E-DF73-4CCF-A918-C717FFBEFB6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{32469169-AA4A-45EB-ACB1-CE527B05773B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{38363DE5-0DF2-4D82-91E0-FA87882BB990}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{BFA0A2B0-62A9-40BA-B6EB-36ED5C0698EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3503228D-7DAD-4A19-8D18-181F6D555EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33E3A89D-8087-4EE4-B24A-8A9AD592F383}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EEFCB46-7766-49B8-8658-0795DC9BFDF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB345A0B-5CFD-4DA3-8DF8-533AF5BBCAC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD99BF21-82FD-4F96-8C8E-9C395773199D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32DA455E-E9CB-46B6-A5BA-4D85A2D09E33}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{BF17EB2F-6735-44B1-B7B8-DF2AF8D34021}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{E25F5355-6388-4598-B2A9-B2C64F9CFE62}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{20E6D3A9-4BD0-40A4-9A38-2C32477831DA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{2F288AEC-36A5-410F-845A-FDBC12DB8DE1}] => (Allow) LPort=5454
FirewallRules: [{81821348-98D7-44C8-BA48-72A6A06ED2EA}] => (Allow) LPort=5454
FirewallRules: [{A4A4AE44-7EC8-455B-A560-BD6C2CB6DA66}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{51D22DDC-5C82-4E23-8274-257254BF729E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{35F70A29-BE37-4140-977B-FA4726385DF0}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{63EFCE3B-EFFE-4686-BD84-4E8318A16A87}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{1051BA62-C267-4506-8C21-30088E14074C}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F614331A-D0D5-4542-B9A9-DA557EE0D6C6}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F0295F0F-85D4-4554-B3AF-893FB77414B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{8A1B1CB5-E93D-4CE5-BD55-93384AAD9EF1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{68FD5875-AB16-4B73-866E-0FDAA21B88F4}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [UDP Query User{F5A1BA6C-C456-4E11-9357-B01CF09840BC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{306B9756-D585-4046-85CB-5779A0470EC4}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{A710A770-E3F8-422A-87D7-2BADDBB83176}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [TCP Query User{E0311600-CFE6-4EE0-9FE4-5F080D548139}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [UDP Query User{7372B4B5-E4B1-40DF-AAAB-591E3BED6389}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [{12C793FA-308C-483E-A837-D55A23A9B9E0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C74F49EA-15F3-4ACA-8D9D-E1F65FF23CE5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7DC66632-EE26-4ACB-BF46-A41F6ED806C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBC7321D-2567-4F07-BBDF-C0EED41F366B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{598BCAC5-24BA-4A8F-B292-723951BB6926}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
 
==================== Restore Points =========================
 
11-02-2019 12:58:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/10/2019 09:59:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (9544,R,98) {1F735C0B-7CE3-4BB7-9751-89F984CF42EA}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Rick\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00063.log.
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
Error: (02/10/2019 05:25:46 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3
 
 
System errors:
=============
Error: (02/11/2019 01:24:47 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 12:45:49 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 12:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 12:45:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 02:52:37 AM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 02:52:30 AM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/11/2019 12:25:16 AM) (Source: Disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x6f97e040 for Disk 2 (PDO name: \Device\000000c5) failed due to a hardware error.
 
Error: (02/11/2019 12:25:13 AM) (Source: Disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x6f97e040 for Disk 2 (PDO name: \Device\000000c5) failed due to a hardware error.
 
 
CodeIntegrity:
===================================
 
Date: 2019-01-23 05:22:38.485
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.458
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.405
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 48%
Total physical RAM: 8125.09 MB
Available physical RAM: 4154.83 MB
Total Virtual: 16317.09 MB
Available Virtual: 11587.66 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:457.31 GB) (Free:388.08 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.31 GB) (Free:457.12 GB) NTFS
 
\\?\Volume{b096842d-7d80-4c4a-8eb4-e5827b8055db}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{f6bcedad-eb04-46fa-b9ae-76917f8a3f45}\ (Push Button Reset) (Fixed) (Total:16.08 GB) (Free:1.17 GB) NTFS
\\?\Volume{dab56a16-f60a-48f0-ab2f-c837a014a40d}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3456572E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Regards


#4
Joeicam


    Malware Removal

  • Malware Removal
  • 1,282 posts

Thanks for providing those logs! I will take a look at them when I get back home from work today :).

 

Hi Joeicam

Call me Joe :)

 

There may be a slight delay in my replies as well because I live in Australia.

No problem at all, I will keep that in mind as we continue. 

 

So to work: I downloaded FRST64 but I had to switch off the Anti-virus program first to get it to run.

 

Please ensure that you have turned your antivirus program back on :). We may have to deactivate/reactivate it each time we use FRST.

 

 



#5
Joeicam


    Malware Removal

  • Malware Removal
  • 1,282 posts
Hi Rickles,
 
***Multiple Antivirus Warning***
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't. 
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
 
The particular antivirus programs that you have installed consist of:
  • Windows Defender
  • Norton
I see that they are both up to date, so I'm not sure which one you are currently using, but if you are paying for Norton I recommend using that one :).
 
***Registry Cleaner Warning***
You have the following Registry Cleaner installed: CCleaner
 
This kind of program can be good for your PC, but take caution with the registry cleaner portion of the application. A registry cleaner will not increase your system's speed or performance, but it can damage your Registry, which can lead to an unbootable machine.
 
Please read this article for more information.
 
 
Step 1 of 1: Uninstalling Programs
 
Please uninstall the following programs. You can do so by right-clicking the Start button > selecting Apps & Features > finding, double-clicking, and uninstalling > the programs below:
These include:
  • 百度网盘 (HKLM-x32\...\百度云管家) (Version: 6.2.4 - 百度在线网络技术(北京)有限公司)
 
Note: During the uninstall process, some of these programs will attempt to scare you into keeping the program installed. However, know that these are indeed malware related. If you do not understand a certain message, please contact me about it. 
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
 
 


#6
Rickles


    Member

  • Topic Starter
  • Member
  • 532 posts

Hi Joe,

 

I followed the instructions but I could not find 百度网盘 

 

So I searched C Drive and the result of this search:

 

See Photo 1

 

I then used Cortana and this time I got this pop up:

 

See Photo 2.

 

I pressed ok to delete it.

 

How do I switch off Windows Defender?

 

Regards

Attached Thumbnails

  • 1.jpg
  • 2.jpg


#7
Joeicam


    Malware Removal

  • Malware Removal
  • 1,282 posts
Hi Rickles,

How do I switch off Windows Defender?

It's automatically disabled in the presence of another antivirus :).
 

I followed the instructions but I could not find it

Alright, let's try option 2 by using Revo Uninstaller. Please continue with the instructions below.
 
Step 1 of 3: Download and Run Revo Uninstaller
 
Please download and install Revo Uninstaller (Freeware) from here.
  • Run Revo Uninstaller and follow the on screen prompts to install the application
  • When installed, run the program, and select the programs from the list: 百度网盘
  • Click the Uninstall icon, next the Refresh icon, and follow the prompts (System Restore Point will be created, etc.)
  • If for some reason, it says that an uninstaller could not be found, continue with the steps below. These steps will scan for leftover files and remove them from your machine.
  • When finished, leave scanning mode as Moderate, and choose Scan. This scans for leftover files. If it finds anything...
  • Delete all the highlighted Registry items by clicking "Select All" then "Delete", "Yes"
  • Click Next
  • Select all the folders and files listed by clicking "Select All" then "Delete", "Yes"
Reboot the computer when Revo is finished.
 
Step 2 of 3: Fix with FRST
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Open FRST. Please copy the entire contents of the code box below, excluding the word "Quote". (To do this, highlight the contents of the box, right-click on it and select copy.) NOTE: It is not necessary to paste the copied text anywhere. The FRST tool is designed to work with fixes that are copied directly to the clipboard.
  • Navigate back to FRST and click on Fix
Start::
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {1274DA7F-2FBA-4D3E-A882-AF48B5656580} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {13B5D5A4-347E-4D4E-AB1D-67C4A32EBB1F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {13D7D0D3-7FED-4971-BBE4-4AF7BD021B98} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1448C784-DB46-403C-A11D-0E79A6CC2105} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1C55D11E-8A76-4D12-822E-7C861E4EAFEE} - \Hotkey Utility -> No File <==== ATTENTION
Task: {1D532D68-EBDA-4AB1-A9B8-87CA793A7517} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26713E7F-B464-4683-A4FB-10B835C96136} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {3500B893-3C7E-4252-9CD6-F225D8995FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {370F6C50-64B5-428F-A436-57E4DD545668} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A27DA1C-9502-425F-85F1-5749FA57DD1B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A961E74-2BF9-45F3-9E92-026C423F7D5F} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {3E2EDD5F-A40C-4301-975D-B0EB9CA9878D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {462F4A96-D696-4D76-BF02-12C975E6FA0A} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {54B7604B-B5C0-4B3E-9BDD-295C48DDE9CA} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5BE3E582-4091-410F-8E3D-677FD34DE55D} - \ALUAgent -> No File <==== ATTENTION
Task: {6159673D-56B7-476E-B9E4-460156BE868C} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {64619CE8-14F0-4C09-9997-DFCC99EC659C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6B389CA6-7EFA-4A08-8506-3AB5ACAF066D} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {71589EBE-D442-4E36-A068-48662F695D54} - \WPD\SqmUpload_S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {722CE314-92CF-4984-90E1-AC3CC69FDD81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7B82CDFE-352E-4F8B-ADF4-9FCA7EA75CA1} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {84C002CA-5E28-4EE0-BF3C-0991CD937084} - \ALU -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {89892198-957D-4B61-8B9D-397905C7C660} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {92FDDE66-F4A2-4C1D-9E81-9028EE1540B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {949C0124-8938-4990-9356-411FC7F134E9} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {9B105C31-0357-42F9-BDDC-186EC8E2E656} - \Recovery Management\Notification -> No File <==== ATTENTION
Task: {9B26160C-F01F-4C19-9616-5B3CCC4E284F} - \AcerCloud -> No File <==== ATTENTION
Task: {9C8AE078-0A5D-4479-960A-4AFD6D3495B9} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A013865A-AD81-4F74-9E3E-E25657CBFC26} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C4DFC916-0969-4D6A-8805-B55074477456} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D38EC564-F96E-4085-816F-B705DF66F33C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4621B97-A45F-4AAC-9F03-6C647A4BA2D7} - \abDocsDllLoader -> No File <==== ATTENTION
Task: {DE3A41A4-911E-4C19-AE00-4F388118FD61} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E40ADF7D-7684-4045-B8D5-D8F1E9BA6796} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E7033540-5C8A-436C-AB80-99BC82C93CFA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EE99E117-6A18-404B-B6C3-2F135E2F4BDB} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-500 -> No File <==== ATTENTION
Task: {FF799876-C3F5-48FE-A9B3-80081BD75B37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:763FFD2C [268]
AlternateDataStreams: C:\ProgramData\Temp:810B9F0D [286]
AlternateDataStreams: C:\ProgramData\Temp:972E3A44 [127]
AlternateDataStreams: C:\Users\Public\Documents\Digital Film Tools:a157055e-3415-4c7f-9222-94a5d1883e57 [816]
AlternateDataStreams: C:\Users\Rick\AppData\Local\Temp:com.affinity.photo [241]
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "G:\HPLauncher.exe" 
End::

 

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Step 3 of 3: Re-Scan with FRST
  • Right-click the FRST application and select Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • If you were able to remove the Chinese program using Revo Uninstaller
  • The copied and pasted results of the Fixlist.txt log
  • The copied and pasted results of the FRST.txt and Addition.txt log files
 
 

  • 0
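Step 2 above asks for Fixlog.txt to be posted back. As an added example (not part of the original posts and not FRST's own code), this Python script reads the result section of such a log, skips the echoed fixlist and the EmptyTemp figures, and lists every line whose outcome is anything other than "removed successfully". The sample log is constructed; its GUID, task name and paths are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of a Fixlog.txt as posted in this thread.
# The GUID, task name and paths are placeholders, not values from a real machine.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: {00000000-0000-0000-0000-000000000001} - \Example\Orphaned Task -> No File <==== ATTENTION
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00000000-0000-0000-0000-000000000001} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Example\Orphaned Task" => not found
C:\ExampleDir\Temp => ":0A1B2C3D" ADS removed successfully
HKU\S-1-5-21-0-0-0-1001\SOFTWARE\Example\Key => removed successfully

=========== EmptyTemp: ==========
Chrome => 2373304 B
EmptyTemp: => 907 MB temporary data Removed.
==== End of Fixlog 00:00:00 ====
'''


@dataclass
class FixResult:
    target: str       # registry key or file-system path the fix acted on
    kind: str         # "task-cache", "registry", "ads" or "path"
    outcome: str      # text printed after "=>"
    stream: str = ""  # alternate data stream name, ADS lines only


# "<target> => <outcome>", where the target may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<rest>.+)$')
# ADS lines put the stream name, in quotes, in front of the outcome.
ADS_RE = re.compile(r'^"(?P<stream>:[^"]+)" ADS (?P<outcome>.+)$')


def classify(target):
    """Label a target by where it lives: scheduled-task cache, registry or disk."""
    upper = target.upper()
    if upper.startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "task-cache" if "\\SCHEDULE\\TASKCACHE\\" in upper else "registry"
    return "path"


def parse_fixlog(text):
    """Return one FixResult per result line, ignoring the fixlist echo and EmptyTemp."""
    results, in_fixlist = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The echoed fixlist sits between two rows of asterisks.
        if len(line) >= 5 and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        # Byte counts after this banner also use "=>" but are not fix results.
        if line.startswith("=") and "EmptyTemp" in line:
            break
        if in_fixlist:
            continue
        match = RESULT_RE.match(line)
        if not match:
            continue
        target, rest = match.group("target"), match.group("rest").strip()
        ads = ADS_RE.match(rest)
        if ads:
            results.append(FixResult(target, "ads", ads.group("outcome"), ads.group("stream")))
        else:
            results.append(FixResult(target, classify(target), rest))
    return results


def summarize(results):
    """Count results per (kind, outcome) pair."""
    return Counter((r.kind, r.outcome) for r in results)


def needs_review(results):
    """Lines a helper would want to look at: anything not reported as removed."""
    return [r for r in results if r.outcome != "removed successfully"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{count:3d}  {kind:<10}  {outcome}")
    for item in needs_review(parsed):
        print("REVIEW:", item.target, "=>", item.outcome)
```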

#8
Rickles


Hi Joe,

I followed the instructions as instructed and had no problems or pop ups that were not in the text and rebooted when asked to.

Logs requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Rick (14-02-2019 14:16:37) Run:1
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {1274DA7F-2FBA-4D3E-A882-AF48B5656580} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {13B5D5A4-347E-4D4E-AB1D-67C4A32EBB1F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {13D7D0D3-7FED-4971-BBE4-4AF7BD021B98} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1448C784-DB46-403C-A11D-0E79A6CC2105} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1C55D11E-8A76-4D12-822E-7C861E4EAFEE} - \Hotkey Utility -> No File <==== ATTENTION
Task: {1D532D68-EBDA-4AB1-A9B8-87CA793A7517} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26713E7F-B464-4683-A4FB-10B835C96136} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {3500B893-3C7E-4252-9CD6-F225D8995FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {370F6C50-64B5-428F-A436-57E4DD545668} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A27DA1C-9502-425F-85F1-5749FA57DD1B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A961E74-2BF9-45F3-9E92-026C423F7D5F} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {3E2EDD5F-A40C-4301-975D-B0EB9CA9878D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {462F4A96-D696-4D76-BF02-12C975E6FA0A} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {54B7604B-B5C0-4B3E-9BDD-295C48DDE9CA} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {5BE3E582-4091-410F-8E3D-677FD34DE55D} - \ALUAgent -> No File <==== ATTENTION
Task: {6159673D-56B7-476E-B9E4-460156BE868C} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {64619CE8-14F0-4C09-9997-DFCC99EC659C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6B389CA6-7EFA-4A08-8506-3AB5ACAF066D} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {71589EBE-D442-4E36-A068-48662F695D54} - \WPD\SqmUpload_S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {722CE314-92CF-4984-90E1-AC3CC69FDD81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7B82CDFE-352E-4F8B-ADF4-9FCA7EA75CA1} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {84C002CA-5E28-4EE0-BF3C-0991CD937084} - \ALU -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {89892198-957D-4B61-8B9D-397905C7C660} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {92FDDE66-F4A2-4C1D-9E81-9028EE1540B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {949C0124-8938-4990-9356-411FC7F134E9} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {9B105C31-0357-42F9-BDDC-186EC8E2E656} - \Recovery Management\Notification -> No File <==== ATTENTION
Task: {9B26160C-F01F-4C19-9616-5B3CCC4E284F} - \AcerCloud -> No File <==== ATTENTION
Task: {9C8AE078-0A5D-4479-960A-4AFD6D3495B9} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A013865A-AD81-4F74-9E3E-E25657CBFC26} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C4DFC916-0969-4D6A-8805-B55074477456} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D38EC564-F96E-4085-816F-B705DF66F33C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4621B97-A45F-4AAC-9F03-6C647A4BA2D7} - \abDocsDllLoader -> No File <==== ATTENTION
Task: {DE3A41A4-911E-4C19-AE00-4F388118FD61} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E40ADF7D-7684-4045-B8D5-D8F1E9BA6796} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E7033540-5C8A-436C-AB80-99BC82C93CFA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EE99E117-6A18-404B-B6C3-2F135E2F4BDB} - \Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-500 -> No File <==== ATTENTION
Task: {FF799876-C3F5-48FE-A9B3-80081BD75B37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:763FFD2C [268]
AlternateDataStreams: C:\ProgramData\Temp:810B9F0D [286]
AlternateDataStreams: C:\ProgramData\Temp:972E3A44 [127]
AlternateDataStreams: C:\Users\Public\Documents\Digital Film Tools:a157055e-3415-4c7f-9222-94a5d1883e57 [816]
AlternateDataStreams: C:\Users\Rick\AppData\Local\Temp:com.affinity.photo [241]
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "G:\HPLauncher.exe" 
 
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-1630993411-145381888-747447847-1001_Classes\ChromeHTML => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1274DA7F-2FBA-4D3E-A882-AF48B5656580} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274DA7F-2FBA-4D3E-A882-AF48B5656580} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUSessionConnect => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B5D5A4-347E-4D4E-AB1D-67C4A32EBB1F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B5D5A4-347E-4D4E-AB1D-67C4A32EBB1F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13D7D0D3-7FED-4971-BBE4-4AF7BD021B98} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13D7D0D3-7FED-4971-BBE4-4AF7BD021B98} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1448C784-DB46-403C-A11D-0E79A6CC2105} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1448C784-DB46-403C-A11D-0E79A6CC2105} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A4230A2-E136-4936-9B22-DDF624BB8332} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\IME\SQM data sender => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C55D11E-8A76-4D12-822E-7C861E4EAFEE} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C55D11E-8A76-4D12-822E-7C861E4EAFEE} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hotkey Utility => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D532D68-EBDA-4AB1-A9B8-87CA793A7517}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D532D68-EBDA-4AB1-A9B8-87CA793A7517}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26713E7F-B464-4683-A4FB-10B835C96136} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26713E7F-B464-4683-A4FB-10B835C96136} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Uploader => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3500B893-3C7E-4252-9CD6-F225D8995FCF} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3500B893-3C7E-4252-9CD6-F225D8995FCF} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{370F6C50-64B5-428F-A436-57E4DD545668} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{370F6C50-64B5-428F-A436-57E4DD545668} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A27DA1C-9502-425F-85F1-5749FA57DD1B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A27DA1C-9502-425F-85F1-5749FA57DD1B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A961E74-2BF9-45F3-9E92-026C423F7D5F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A961E74-2BF9-45F3-9E92-026C423F7D5F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E2EDD5F-A40C-4301-975D-B0EB9CA9878D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2EDD5F-A40C-4301-975D-B0EB9CA9878D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{462F4A96-D696-4D76-BF02-12C975E6FA0A} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{462F4A96-D696-4D76-BF02-12C975E6FA0A} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54B7604B-B5C0-4B3E-9BDD-295C48DDE9CA} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54B7604B-B5C0-4B3E-9BDD-295C48DDE9CA} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BE3E582-4091-410F-8E3D-677FD34DE55D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BE3E582-4091-410F-8E3D-677FD34DE55D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ALUAgent => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6159673D-56B7-476E-B9E4-460156BE868C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6159673D-56B7-476E-B9E4-460156BE868C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64619CE8-14F0-4C09-9997-DFCC99EC659C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64619CE8-14F0-4C09-9997-DFCC99EC659C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B389CA6-7EFA-4A08-8506-3AB5ACAF066D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B389CA6-7EFA-4A08-8506-3AB5ACAF066D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71589EBE-D442-4E36-A068-48662F695D54} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71589EBE-D442-4E36-A068-48662F695D54} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1630993411-145381888-747447847-1001 => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{722CE314-92CF-4984-90E1-AC3CC69FDD81} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722CE314-92CF-4984-90E1-AC3CC69FDD81} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B82CDFE-352E-4F8B-ADF4-9FCA7EA75CA1} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B82CDFE-352E-4F8B-ADF4-9FCA7EA75CA1} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84C002CA-5E28-4EE0-BF3C-0991CD937084} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84C002CA-5E28-4EE0-BF3C-0991CD937084} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ALU => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89892198-957D-4B61-8B9D-397905C7C660} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89892198-957D-4B61-8B9D-397905C7C660} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92FDDE66-F4A2-4C1D-9E81-9028EE1540B2} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92FDDE66-F4A2-4C1D-9E81-9028EE1540B2} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{949C0124-8938-4990-9356-411FC7F134E9} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{949C0124-8938-4990-9356-411FC7F134E9} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BacKGroundAgent => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B105C31-0357-42F9-BDDC-186EC8E2E656} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B105C31-0357-42F9-BDDC-186EC8E2E656} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Recovery Management\Notification => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B26160C-F01F-4C19-9616-5B3CCC4E284F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B26160C-F01F-4C19-9616-5B3CCC4E284F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCloud => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C8AE078-0A5D-4479-960A-4AFD6D3495B9} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8AE078-0A5D-4479-960A-4AFD6D3495B9} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A013865A-AD81-4F74-9E3E-E25657CBFC26} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A013865A-AD81-4F74-9E3E-E25657CBFC26} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUScheduledInstall => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4DFC916-0969-4D6A-8805-B55074477456} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4DFC916-0969-4D6A-8805-B55074477456} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-1001 => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D38EC564-F96E-4085-816F-B705DF66F33C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D38EC564-F96E-4085-816F-B705DF66F33C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4621B97-A45F-4AAC-9F03-6C647A4BA2D7} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4621B97-A45F-4AAC-9F03-6C647A4BA2D7} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\abDocsDllLoader => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE3A41A4-911E-4C19-AE00-4F388118FD61} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3A41A4-911E-4C19-AE00-4F388118FD61} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E40ADF7D-7684-4045-B8D5-D8F1E9BA6796} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E40ADF7D-7684-4045-B8D5-D8F1E9BA6796} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7033540-5C8A-436C-AB80-99BC82C93CFA} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7033540-5C8A-436C-AB80-99BC82C93CFA} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE99E117-6A18-404B-B6C3-2F135E2F4BDB} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE99E117-6A18-404B-B6C3-2F135E2F4BDB} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1630993411-145381888-747447847-500 => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF799876-C3F5-48FE-A9B3-80081BD75B37} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF799876-C3F5-48FE-A9B3-80081BD75B37} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => removed successfully
C:\ProgramData\Temp => ":763FFD2C" ADS removed successfully
C:\ProgramData\Temp => ":810B9F0D" ADS removed successfully
C:\ProgramData\Temp => ":972E3A44" ADS removed successfully
C:\Users\Public\Documents\Digital Film Tools => ":a157055e-3415-4c7f-9222-94a5d1883e57" ADS removed successfully
C:\Users\Rick\AppData\Local\Temp => ":com.affinity.photo" ADS removed successfully
HKU\S-1-5-21-1630993411-145381888-747447847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07374292-edfb-11e3-825e-40f02f1b2390} => removed successfully
HKLM\Software\Classes\CLSID\{07374292-edfb-11e3-825e-40f02f1b2390} => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 925861078 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 544301 B
Edge => 242760 B
Chrome => 2373304 B
Firefox => 230914 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Rick => 10974889 B
Administrator => 12245 B
 
RecycleBin => 15023 B
EmptyTemp: => 907 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:17:22 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by Rick (administrator) on HALPC (14-02-2019 14:26:18)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Loaded Profiles: Rick (Available Profiles: Rick & Administrator)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FoxitProxyServer_Socket_RD.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2143552 2012-03-21] (FSPro Labs -> FSPro Labs)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UPSmart2000R] => C:\Program Files (x86)\UPSmart2000R\UPSmart2000R.exe [1721856 2011-06-21] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-11-23] (Acer Incorporated -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Avanquest Message] => C:\Users\Rick\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497640 2017-02-20] (AVANQUEST S.A. -> Avanquest Software)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [29318088 2018-06-20] (Digiarty, Inc. -> DearMob)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Bonus.SSR.FR14] => "C:\Program Files (x86)\ABBYY FineReader 14\ScreenshotReader.exe" /autorun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunGuanjia] => "C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [BaiduYunDetect] => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1127448 2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [SurfEasy] => C:\Program Files (x86)\Norton WiFi Privacy\client\Norton WiFi Privacy.exe startup
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [Deskpecker] => C:\Program Files (x86)\Zamaan's Software\Deskpecker 1.0\deskpecker.exe
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Run: [UPSmart] => C:\Program Files (x86)\IDBK\UPSmart\UPSmart.exe [4472320 2015-04-10] ()
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc -> Google Inc.)
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DOLPHI~1.SCR [275931 2005-05-16] ()
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [vidc.rscc] => C:\Windows\system32\rscc.dll [836096 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.rscc] => C:\Windows\SysWOW64\rscc.dll [671744 2013-02-21] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\...\Drivers32-x32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-10-20] (RSUPPORT)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Smile Tray.lnk [2017-02-17]
ShortcutTarget: ColorMunki Smile Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk [2017-10-04]
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-07-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{700625b6-a397-4ec9-928e-f5e2582bcb2a}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{dc9ebe64-8951-4d4c-8f4e-7a22cf7a6f01}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {2EE8CAB0-3292-4D28-A7B7-2A77AFAA1ACE} URL = 
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {6BF85770-390E-4771-8FDF-86EA5796A242} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}&meta=cr%3DcountryAU
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=oem&geo=AU&ver=22.16.3.21&locale=en_AU&guid=F113AF33-50B6-4FC4-9B92-A61EDF325BE2&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {C7C07245-7FB2-48A9-85DE-F1A2B330DC1D} URL = hxxps://www.google.com.au/search?hl=en&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] ()
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.3.21\coIEPlg.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
DPF: HKLM-x32 {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF DefaultProfile: zv9a8e0y.default
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default [2019-02-14]
FF Homepage: Mozilla\Firefox\Profiles\zv9a8e0y.default -> hxxps://www.google.com.au/?gws_rd=ssl|hxxps://www.google.com.au/?gws_rd=ssl|about:preferences
FF Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22]
FF Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2018-11-22]
FF Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2019-01-05]
FF Extension: (Safe Preview) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\zv9a8e0y.default\Extensions\[email protected] [2016-06-08] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2014-08-29] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2018-05-01] ()
FF Plugin HKU\S-1-5-21-1630993411-145381888-747447847-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-19] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com.au/webhp?cr=countryAU&tbs=ctr:countryAU"
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
          
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default [2019-02-14]
CHR Extension: (Google Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-27]
CHR Extension: (Logitech Unifying for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agpmgihmmmfkbhckmciedmhincdggomo [2015-10-27]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-27]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-07]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-12-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-12-07]
CHR Extension: (Google Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-06]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-10-27]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-11-16]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2019-02-14]
CHR Extension: (Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-02-02]
CHR Extension: (Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Flash Player) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2018-10-30]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-09-26]
CHR Extension: (Norton Safe Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-11-16]
CHR Extension: (Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Norton Safe Web) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-08]
CHR Extension: (Skype) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-26]
CHR Extension: (Norton Home Page) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2018-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-17]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-14]
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-14]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1630993411-145381888-747447847-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated -> Acer Incorporated)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-31] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-13] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-13] (Symantec Corporation -> Symantec Corporation)
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Incorporated -> X-Rite Inc.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 378634B9; C:\WINDOWS\System32\drivers\378634B9.sys [478392 2016-09-13] (Kaspersky Lab -> Kaspersky Lab ZAO)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20190212.002\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-05] (Symantec Corporation -> Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-07] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
S3 EyeOneDisplay; C:\WINDOWS\System32\Drivers\i1display_x64.sys [15016 2013-01-07] (X-Rite Incorporated -> GretagMacbeth LLC)
R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs -> FSPro Labs)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20190213.061\IDSvia64.sys [1424904 2019-01-23] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-02-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-02-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-02-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
U5 NortonSecureVPN; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6236176 2018-11-22] (Symantec Corporation -> Symantec Corporation)
S3 npf; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-07-17] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaewu.inf_amd64_8baa9d083edacf87\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor corp)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-15] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.12.0.104\SymPlatform\SymEvnt.sys [678616 2019-02-02] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-10-13] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-05-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-14 14:23 - 2019-02-14 14:17 - 000026825 _____ C:\Users\Rick\Desktop\Fixlog.txt
2019-02-14 14:21 - 2019-02-14 14:21 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-02-14 14:20 - 2019-02-14 14:20 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-14 14:19 - 2019-02-14 14:19 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-14 14:19 - 2019-02-14 14:19 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-14 14:19 - 2019-02-14 14:19 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-02-14 14:19 - 2019-02-14 14:19 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-14 14:10 - 2019-02-14 14:10 - 000000000 ____D C:\Program Files\VS Revo Group
2019-02-14 01:13 - 2019-02-14 01:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-02-13 17:42 - 2019-02-06 18:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 17:42 - 2019-02-06 18:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 17:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 17:42 - 2019-02-06 14:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 17:42 - 2019-02-06 14:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 17:42 - 2019-02-06 14:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 17:42 - 2019-02-06 14:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 17:42 - 2019-02-06 13:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 17:42 - 2019-02-06 13:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 17:42 - 2019-02-06 13:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 17:42 - 2019-02-06 13:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 17:42 - 2019-02-06 13:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 17:42 - 2019-02-06 13:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 17:42 - 2019-01-10 04:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 17:42 - 2019-01-10 04:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 17:42 - 2019-01-10 04:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 17:42 - 2019-01-09 20:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 17:42 - 2019-01-09 16:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 17:42 - 2019-01-09 16:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 17:42 - 2019-01-09 16:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 17:42 - 2019-01-09 16:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 17:42 - 2019-01-09 16:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 17:42 - 2019-01-09 16:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 17:42 - 2019-01-09 16:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 17:41 - 2019-02-06 18:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 18:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 18:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 17:41 - 2019-02-06 18:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 17:41 - 2019-02-06 17:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 17:41 - 2019-02-06 17:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 17:41 - 2019-02-06 14:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 17:41 - 2019-02-06 14:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 17:41 - 2019-02-06 14:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 17:41 - 2019-02-06 14:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 17:41 - 2019-02-06 14:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 17:41 - 2019-02-06 14:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 17:41 - 2019-02-06 14:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 17:41 - 2019-02-06 14:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 17:41 - 2019-02-06 13:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 17:41 - 2019-02-06 13:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 17:41 - 2019-02-06 13:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 17:41 - 2019-02-06 13:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 17:41 - 2019-02-06 13:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 17:41 - 2019-02-06 13:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 17:41 - 2019-02-06 13:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 17:41 - 2019-02-06 13:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 17:41 - 2019-02-06 13:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 17:41 - 2019-02-06 13:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 17:41 - 2019-02-06 13:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 17:41 - 2019-02-06 13:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 17:41 - 2019-02-06 13:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 17:41 - 2019-02-06 13:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 17:41 - 2019-02-06 13:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 17:41 - 2019-02-06 13:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 17:41 - 2019-02-06 13:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 17:41 - 2019-02-06 12:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 17:41 - 2019-01-12 19:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-12 13:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 17:41 - 2019-01-10 05:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 17:41 - 2019-01-10 04:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 17:41 - 2019-01-10 04:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 17:41 - 2019-01-10 04:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 17:41 - 2019-01-10 04:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 17:41 - 2019-01-09 21:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 17:41 - 2019-01-09 20:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 17:41 - 2019-01-09 19:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 17:41 - 2019-01-09 19:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 17:41 - 2019-01-09 16:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 17:41 - 2019-01-09 16:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 17:41 - 2019-01-09 16:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 17:41 - 2019-01-09 16:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 17:41 - 2019-01-09 16:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 17:41 - 2019-01-09 16:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 17:41 - 2019-01-09 16:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 17:41 - 2019-01-09 16:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 17:41 - 2019-01-09 16:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 17:41 - 2019-01-09 16:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 16:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 17:41 - 2019-01-09 16:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 17:41 - 2019-01-09 15:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 17:41 - 2019-01-08 20:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 17:41 - 2019-01-08 14:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 14:08 - 2019-02-14 14:26 - 000000000 ____D C:\FRST
2019-02-09 12:08 - 2019-02-09 12:08 - 000000000 ____D C:\Users\Rick\AppData\Local\AOP SDK
2019-02-09 02:12 - 2019-02-09 02:19 - 000000000 ____D C:\Users\Rick\AppData\Local\Adobe
2019-02-04 21:38 - 2019-02-09 18:26 - 000000000 ____D C:\Users\Rick\AppData\Local\Canon Easy-PhotoPrint EX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX2
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonIJEPPEX
2019-02-04 21:38 - 2019-02-04 21:38 - 000000000 ___HD C:\ProgramData\CanonEPP
2019-01-31 21:54 - 2019-01-31 22:03 - 000000000 ____D C:\Program Files\PortraitPro 18 Trial
2019-01-29 14:15 - 2019-01-29 14:15 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disketch Disc Label Software.lnk
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics Related Programs
2019-01-29 14:15 - 2019-01-29 14:15 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-01-27 22:32 - 2017-03-02 02:47 - 000000055 _____ C:\Users\Rick\Desktop\Ann and Les Gunn (2).txt
2019-01-21 18:35 - 2019-01-21 18:35 - 000000000 ____D C:\Users\Rick\AppData\Roaming\CDROLLER
2019-01-19 16:40 - 2019-01-19 16:40 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Oracle
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-14 14:25 - 2018-05-16 18:00 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 14:25 - 2018-04-12 10:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-14 14:24 - 2018-10-10 22:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-02-14 14:24 - 2018-05-16 17:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-14 14:20 - 2018-04-12 10:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-14 14:19 - 2018-05-16 17:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-14 14:19 - 2016-10-02 22:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-14 14:18 - 2018-04-12 08:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-14 14:16 - 2014-06-14 15:50 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Temp
2019-02-14 14:05 - 2018-05-16 17:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-14 11:48 - 2018-05-20 20:36 - 000000000 ____D C:\Users\Rick\AppData\Local\D3DSCache
2019-02-14 00:20 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-14 00:15 - 2018-05-16 17:40 - 005435112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 00:10 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 22:40 - 2015-10-27 11:17 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Adobe
2019-02-13 20:56 - 2018-07-06 22:18 - 000000000 ____D C:\Users\Rick\AppData\Roaming\5KPlayer
2019-02-13 17:48 - 2018-04-12 10:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 17:41 - 2015-10-27 12:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 17:38 - 2015-10-27 12:47 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 16:30 - 2018-04-12 10:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-13 15:56 - 2018-07-05 15:29 - 000000000 ____D C:\Users\Rick\AppData\Roaming\dvdcss
2019-02-13 15:49 - 2014-11-10 23:43 - 000000000 ____D C:\Users\Rick\Documents\liteCam
2019-02-13 15:48 - 2015-12-05 02:17 - 000025088 _____ C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-13 05:16 - 2018-05-16 17:55 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-13 05:16 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-13 04:24 - 2018-05-16 17:55 - 000004566 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-13 03:58 - 2018-09-08 04:26 - 000000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2019-02-11 13:24 - 2018-05-16 17:55 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FED51AC-BB0D-4BEE-9687-B54D279E2473}
2019-02-11 03:02 - 2018-05-16 17:55 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1630993411-145381888-747447847-1001
2019-02-11 03:02 - 2018-05-16 17:45 - 000002364 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-11 03:02 - 2014-07-26 03:23 - 000000000 __RDO C:\Users\Rick\OneDrive
2019-02-10 22:20 - 2018-04-12 20:18 - 000000000 ____D C:\WINDOWS\OCR
2019-02-10 21:07 - 2017-12-19 09:52 - 000000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2019-02-10 19:16 - 2016-09-26 02:11 - 000000000 ____D C:\Users\Rick\AppData\Local\File Viewer Plus
2019-02-09 19:00 - 2015-11-04 15:07 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-02-09 18:46 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-08 17:52 - 2018-07-11 14:28 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 17:44 - 2018-04-12 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-08 17:42 - 2018-12-07 22:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-07 22:29 - 2017-01-03 14:17 - 000000000 ___RD C:\Users\Rick\Downloads\DeviceDoctor.Opener_mkdtfchztkfbm!App
2019-02-07 01:15 - 2018-09-25 22:11 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-06 21:23 - 2018-04-12 10:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-06 21:23 - 2015-10-28 00:56 - 000000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2019-02-05 15:02 - 2018-08-12 03:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-02-04 21:38 - 2015-11-04 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-04 21:37 - 2015-11-04 15:09 - 000000000 ____D C:\Program Files\Canon
2019-02-03 09:53 - 2018-11-14 23:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 09:53 - 2018-11-14 23:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 21:24 - 2015-10-27 12:04 - 000000000 ____D C:\ProgramData\FLEXnet
2019-01-29 14:16 - 2015-12-03 14:38 - 000000000 ____D C:\Users\Rick\AppData\Roaming\NCH Software
2019-01-28 15:06 - 2015-12-24 01:02 - 000000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2019-01-24 22:01 - 2017-10-21 20:06 - 000000000 ____D C:\ProgramData\Corel
2019-01-24 19:55 - 2015-10-28 00:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-23 19:13 - 2014-01-07 06:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-20 04:46 - 2018-05-16 17:45 - 000000000 ____D C:\Users\Rick
2019-01-19 16:41 - 2018-11-10 15:29 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-01-19 16:41 - 2018-11-10 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-19 16:41 - 2018-11-10 15:28 - 000000000 ____D C:\Program Files\Java
2019-01-18 15:51 - 2017-09-29 19:08 - 000000000 ____D C:\Program Files\rempl
2019-01-15 17:23 - 2017-12-12 03:40 - 000000000 ____D C:\Users\Rick\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories =======
 
2016-05-21 15:20 - 2018-09-18 18:43 - 000013531 _____ () C:\Users\Rick\AppData\Roaming\event.log
2015-12-05 02:17 - 2019-02-13 15:48 - 000025088 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-22 18:55 - 2018-09-22 18:55 - 000000000 _____ () C:\Users\Rick\AppData\Local\oobelibMkey.log
2015-11-17 17:18 - 2015-11-17 17:18 - 000000000 _____ () C:\Users\Rick\AppData\Local\{33487DA2-1ED6-4DAD-A40C-AB6B7AA40B7E}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-16 17:40
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Rick (14-02-2019 14:28:12)
Running from C:\Users\Rick\Desktop\Downloads\Geeks 11 01 19
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-16 07:16:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1630993411-145381888-747447847-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1630993411-145381888-747447847-503 - Limited - Disabled)
Guest (S-1-5-21-1630993411-145381888-747447847-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1630993411-145381888-747447847-1003 - Limited - Enabled)
Rick (S-1-5-21-1630993411-145381888-747447847-1001 - Administrator - Enabled) => C:\Users\Rick
WDAGUtilityAccount (S-1-5-21-1630993411-145381888-747447847-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Shadow 2.0 (HKLM\...\3D Shadow_is1) (Version: 2.0 - Lokas Software)
5KPlayer (HKLM-x32\...\5KPlayer) (Version: 5.1 - DearMob, Inc.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
ADAudit Plus (HKLM-x32\...\{B4E87CC6-F195-4CFE-92A2-8439FC3716C9}) (Version: 4.6.0 - ZOHO Corp)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version:  - AnalogX)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Cover Studio 2017 (HKLM-x32\...\{91B33C97-6D7D-102A-7711-56C011AFB81B}_is1) (Version: 3.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo MyAutoplay Menu v.1.0.5 (HKLM-x32\...\{91B33C97-FD41-09C7-0F51-78F94C35D772}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
Avanquest Message (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software)
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
BenVista PhotoZoom Classic 6.1 (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\PhotoZoom Classic 6) (Version: 6.1 - BenVista Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
ClipGrab 3.7.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CODIJY Pro version 3.6.1 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.6.1 - CODIJY)
CoffeeCup Free Zip Wizard (HKLM-x32\...\CoffeeCup Free Zip Wizard) (Version:  - CoffeeCup Software)
ColorMunki Smile (HKLM-x32\...\ColorMunki Smile_is1) (Version:  - X-Rite)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version: 3.39 - NCH Software)
Dolphin Pod 0.3 (HKLM-x32\...\Dolphin Pod_is1) (Version:  - )
DVD-Cloner V9.60 Build 1114 (HKLM-x32\...\DVD-Cloner 9_is1) (Version: 9.60.0.1114 - OpenCloner Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
Free FreeCell Solitaire 2015 v3.0 (HKLM-x32\...\Free FreeCell Solitaire_is1) (Version:  - TreeCardGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.22) (Version: 9.22 - Artifex Software Inc.)
Grant Digital (HKLM-x32\...\{ED4830CC-FB1B-4E51-9ED3-0FCC97758D1D}) (Version:  - )
HAL 9000 [Console] Basic Screen Saver (HKLM-x32\...\HAL 9000 [Console] Basic) (Version:  - )
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
ImageMixer VCD2 for FinePix (HKLM-x32\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version:  - )
InCD EasyWrite Reader (HKLM-x32\...\MRW!UninstallKey) (Version:  - )
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.09.0 - Avanquest Software)
InPixio Photo Maximizer (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 2.03.25799 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LicenseCrawler version 1.25 build-298 (HKLM-x32\...\{12151216-3E3F-4118-AE95-49C39F1D7EA2}_is1) (Version: 1.25 build-298 - Martin Klinzmann)
liteCam HD (HKLM-x32\...\{4926737D-839C-430F-805F-28C7EF86A432}) (Version: 4.95.0000 - RSUPPORT)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{08B0BEF7-A098-4A77-B132-8702E9F43682}) (Version: 6.1.1225 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{54EB2499-4B4F-4AE5-9D1E-CCAE9D6ED880}) (Version: 1.3.1.128 - McAfee, Inc)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{386881cc-7635-4ec3-aaf3-e28904b27a28}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Photo Noir (HKLM-x32\...\Movavi Photo Noir) (Version: 1.0.1 - Movavi)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
My Lockbox 2.8.2 (HKLM\...\My Lockbox_is1) (Version: 2.8.2 - )
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
Nero 2015 (HKLM-x32\...\{E6626251-ED62-469C-821F-D75C50154C48}) (Version: 16.0.02800 - Nero AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Nero Prerequisite Installer 7.0 (HKLM-x32\...\{20A619F0-E309-4434-A7ED-C270759803AA}) (Version: 19.0.00000 - Nero AG)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.6.0.280 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PcCloneEX (HKLM-x32\...\PcCloneEX) (Version:  - )
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PicaView32 (HKLM-x32\...\PicaView32) (Version:  - )
Plantraco FMS Model Installer (HKLM-x32\...\{002D2C86-303B-4146-A3F6-8F0BA5A93F11}) (Version: 1.0.5 - Plantraco)
PowerPoint CD-ROM Wizard (HKLM-x32\...\PowerPoint CD-ROM Wizard) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
RAW FILE CONVERTER LE (HKLM-x32\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Rays (HKLM\...\Digital Film Tools-Rays 1.0) (Version: 1.0 - Digital Film Tools)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
stashimi (HKLM-x32\...\{9E0284FD-B627-42AC-B17A-99930793A9E5}) (Version: 12.1.9800.0 - Audials AG)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UPSmart version 1.5 (HKLM-x32\...\UPSmart_is1) (Version: 1.5 - Guangdong IDBK software technology Inc)
UPSmart2000R 1.9( Build 110621 ) (HKLM-x32\...\UPSmart2000R_is1) (Version: 1.9 - )
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.8.1.8 - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.40 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.60 - WildTangent) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)
Zipware (HKLM-x32\...\{978B4C17-660C-4521-A024-0E4311DF0192}) (Version: 1.2.0 - Bazwise)
百度网盘 (HKLM-x32\...\百度云管家) (Version: 6.2.4 - 百度在线网络技术(北京)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1630993411-145381888-747447847-1001_Classes\CLSID\{F692AFB9-21F4-EE57-7255-CA9A52655345}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers1-x32: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32: [ccZipWizDll] -> {FFEAB400-3031-11D5-B653-0050BAD1A371} => C:\Program Files (x86)\CoffeeCup Software\FreeZip\cczipdll.dll [2001-04-14] (CoffeeCup Software)
ContextMenuHandlers1-x32-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1-x32-x32: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1-x32-x32-x32: [PicaView32] -> {68f32140-2ca3-11d0-acc1-444553540000} => C:\Program Files (x86)\PICAVI~1\PicaView.dll -> No File
ContextMenuHandlers1-x32-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2018-08-06] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ASZipF] -> {e13d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [ASZipF64] -> {e13d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} =>  -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.3.21\buShell.dll [2018-12-12] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-03] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.3.21\NavShExt.dll [2018-12-13] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AA0B89D-FC57-489F-96C8-1B2409FEE784} - System32\Tasks\GoogleUpdateTaskMachineUA1d1b3309bb50295 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2D578C79-C768-4973-B599-3C6085E828CF} - System32\Tasks\CareCenter\Spotify Web Helper_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
Task: {2F1171C8-8F99-40CC-85F0-6C02351FE0A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {32DD3A34-10B3-4BBF-A519-BEB19B897897} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {42F19B06-23B5-4258-97F9-B82DE655E4B4} - System32\Tasks\Abelssoft\Abelssoft Abelssoft File Organizer_117 => C:\Program Files (x86)\Abelssoft File Organizer\AbLauncher.exe
Task: {43D3296B-AFF6-4CEA-8929-E06F9706C0E7} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4733B00B-CD56-4474-A8DE-87A80D8827A1} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {4B03C7D4-4B11-44CA-A80A-B5B346229A13} - System32\Tasks\{6C49A8F2-4C8C-449C-BBB9-6F0A12CEE1BC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Rick\Desktop\Navy\New folder\freezip.exe" -d "C:\Users\Rick\Desktop\Navy\New folder"
Task: {4FC8428F-A07A-49DE-9BEC-2A26C04F5344} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {51BB7444-0E84-4A99-82D0-B4AC2B2C19EC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5DDA4DFC-3179-4CFB-BF12-D63DB742015B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {674997DC-07F8-4B9B-B01B-5E2BBD94FD74} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {67DDF01E-9BE3-4F75-BAF1-E7E0C253CA0E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6A6745C1-3B55-430B-8821-1A00BBD3E284} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.3.21\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {6D727AAB-CD0C-46F6-B520-A3EF4CB701A9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe (X-Rite Incorporated -> X-Rite Inc.)
Task: {6F83278E-0757-4266-A13E-BE4996F1E4DB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {729A2C47-8797-48E8-B494-6C733C3442A5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {7A383737-2EC7-41EF-8D24-E7E745A1D810} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7D0B6B5E-862D-4708-9F10-00EEC5698842} - System32\Tasks\CareCenter\BCSSync_Reg_HKLMWow6432Run => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7FA5671E-29C0-41D9-A278-E48EB3AE3FFD} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {8258A44C-AF33-4AF8-BB6E-4FB3D00F296A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {891D978B-CC83-4DC0-8B35-E6BF65228EEA} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {A1B092F4-BB88-4842-B834-A63F5135FFF8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\inPixio\InPixio Photo Clip 8 Demo\InPixioPhotoClip8.exe
Task: {A906909E-1638-427D-9571-0BAF4C968473} - System32\Tasks\CareCenter\ABBYY Screenshot Reader Bonus_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
Task: {B06FF82D-8BE6-4633-8D8D-C82D3162FB4B} - System32\Tasks\CareCenter\OneNote 2010 Screen Clipper and Launcher.lnk_FolderAppdata_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {B59C37AA-5BDE-49D7-A3F6-2683D4B25389} - System32\Tasks\CareCenter\CanonQuickMenu_Reg_HKLMWow6432Run => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.)
Task: {C7F54203-607F-41C8-9FD0-B0DF4DF5B24A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b3309b3906f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D7569C8C-3763-4460-923B-DECB9FBC73A2} - System32\Tasks\S-1-5-21-1630993411-145381888-747447847-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F17E0D40-D4EB-4086-B5DE-B7650AA84A4C} - System32\Tasks\CareCenter\OfficeSyncProcess_Reg_HKCURun_S-1-5-21-1630993411-145381888-747447847-1001 => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {F89E8CF7-22D1-4BFC-8312-96F0FF6CA68A} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Rick\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 10:34 - 2018-04-12 10:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-09-25 22:11 - 2019-02-07 01:15 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-25 22:11 - 2019-02-07 01:15 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-02 22:04 - 2016-12-30 00:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-12 10:34 - 2018-04-12 10:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 13:26 - 2018-11-09 13:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 17:42 - 2019-02-06 13:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 16:35 - 2018-10-04 16:36 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 21:03 - 2018-12-14 21:03 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-01-30 19:07 - 2019-01-30 19:07 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-08-06 19:35 - 2018-08-06 19:35 - 001127448 _____ () C:\Users\Rick\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
2019-02-08 17:50 - 2019-02-08 17:51 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-08 17:50 - 2019-02-08 17:50 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-09 15:33 - 2018-10-09 15:33 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 18:36 - 2018-11-29 18:36 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-08 17:50 - 2019-02-08 17:50 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2016-12-22 13:55 - 2016-08-18 07:50 - 002365920 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\ColorMunki Smile Tray.exe
2017-10-04 14:06 - 2009-06-26 15:25 - 000356352 _____ () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
2019-01-02 21:28 - 2019-01-02 21:28 - 000059376 _____ () C:\Program Files\CCleaner\branding.dll
2019-02-12 15:24 - 2019-02-12 15:24 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll
2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 044202496 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\Prism.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000898560 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\libxml2.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 003449344 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\CxF2_VC90MD_2.1.dll
2016-12-22 13:55 - 2016-08-19 00:16 - 000073728 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Smile\application\zlib1.dll
2017-10-04 14:06 - 2009-07-22 16:58 - 000258048 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-04 18:36 - 2015-11-04 18:36 - 000149720 _____ () C:\Program Files (x86)\Acer\abDocs Office AddIn\AcerWordAddin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2016-08-08 15:27 - 000000855 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Acer\Remote Files\;C:\Program Files (x86)\Common Files\ACD Systems\EN\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1630993411-145381888-747447847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\Documents\My Documents\Spare Icons\1\Photos 2\Wallpaper\BingWallpaper-2018-06-18.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: L4301_Solar => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Stereo Service => 2
HKLM\...\StartupApproved\StartupFolder: => "PC Clone EX.LNK"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "mylbx"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "ShaPlus Bandwidth Meter"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "ABBYY Screenshot Reader Bonus"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Avanquest Message"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "5KPlayer"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "Bonus.SSR.FR14"
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\StartupApproved\Run: => "UPSmart"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0955A86A-2ED8-4E39-9329-0F2A2ABC8744}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{50143828-261D-4073-AE7B-F625BD9012A6}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{484F38D2-32FC-4FDC-9DC2-4DDEC02F66AA}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{7DC0C804-70DF-424D-BD87-6AD435A39C3E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{EE5AF3DE-39B7-4032-8B82-A7DAC76C73CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{8A6A80A5-8488-4639-AC02-0D10F3BA96E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{2D90616E-620B-4704-9FE2-188396CD332B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{897B1F29-60CF-4AFC-BA04-3BE54DA11E35}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAE71AF6-7F25-4423-B1CA-E5D4C25A24BE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61F70EAE-A460-45BD-AC7D-542ED2A34FE7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1B8424F-3F40-4F51-AAE7-B0433B25D790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{4C4AC1DC-3879-41DD-8E1A-9C8709745E01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{E006BC02-43B3-41A1-BA28-2D78FAC1E58C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{AC8334EF-1EBF-46D6-942D-E6645FDF3A02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{6F2575DD-8B74-452A-A869-F3220637BA29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{AA1F52B4-5D29-4263-983C-F171A36DD445}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{59A244B5-FD13-4CE9-B7BB-434E9B1CCB5C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{D0C095EF-62FB-4836-AF9E-09BBCCEDD3B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{15937FE9-6B7C-4F06-A3AA-09E4142B19F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BC6340C9-1AAA-4B4A-884F-33EE6946AD08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{710A0316-D030-4762-A753-884D9F048C01}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0A791055-516F-4ABF-9CC0-7C60F8E04AE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{7F9D5A5D-3277-4778-8DB6-43DE68F0F1F9}] => (Allow) C:\Program Files (x86)\stashimi\stashimi 12\Audials.exe (Audials AG -> Audials AG)
FirewallRules: [{3FCCCE94-DC9B-4961-990D-F763B5CDF777}] => (Allow) LPort=12972
FirewallRules: [{A5D845CB-23BA-4445-A24C-FE60495D37E4}] => (Allow) LPort=14714
FirewallRules: [{8007E4CA-A8D1-4C1F-9DEF-791B533C01DD}] => (Allow) LPort=31931
FirewallRules: [{49A38E7F-03A1-41A9-A70D-136BE1A71605}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{C9CC69B5-59D1-4B62-96C1-F3C853B80215}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe (Nero AG -> Nero AG)
FirewallRules: [{07755194-8ABB-4D57-8FE9-F2D7E9E1CE0C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{3753B8A7-C901-420F-B35E-E695CFA30C26}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{C61BECE5-79BF-4348-A2BC-E705831F4572}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{4AAF9233-4763-4545-9569-3A432271E7DE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{6D3F7FC8-EAB4-47B8-B745-80245527CD1D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{09FF3557-254C-4CA3-8034-4F22E5DEFF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FED014A0-63EE-45F5-8B26-CD012D2DDCA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52A5CACB-9FCD-4682-92EB-655F401BE9AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{6B512EC7-1C9A-4DD0-B90B-F3260D3426ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{11764031-4EC4-46FD-BF07-045402D5F92D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1033ED95-03C5-49BE-AED3-8A0CACCA4B07}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{E6B331CE-C73A-4EF3-8F2D-4E023D1C4A1F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{F5BB788E-DF73-4CCF-A918-C717FFBEFB6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{32469169-AA4A-45EB-ACB1-CE527B05773B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{38363DE5-0DF2-4D82-91E0-FA87882BB990}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{BFA0A2B0-62A9-40BA-B6EB-36ED5C0698EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3503228D-7DAD-4A19-8D18-181F6D555EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33E3A89D-8087-4EE4-B24A-8A9AD592F383}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EEFCB46-7766-49B8-8658-0795DC9BFDF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB345A0B-5CFD-4DA3-8DF8-533AF5BBCAC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD99BF21-82FD-4F96-8C8E-9C395773199D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32DA455E-E9CB-46B6-A5BA-4D85A2D09E33}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{BF17EB2F-6735-44B1-B7B8-DF2AF8D34021}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{E25F5355-6388-4598-B2A9-B2C64F9CFE62}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{20E6D3A9-4BD0-40A4-9A38-2C32477831DA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{2F288AEC-36A5-410F-845A-FDBC12DB8DE1}] => (Allow) LPort=5454
FirewallRules: [{81821348-98D7-44C8-BA48-72A6A06ED2EA}] => (Allow) LPort=5454
FirewallRules: [{A4A4AE44-7EC8-455B-A560-BD6C2CB6DA66}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{51D22DDC-5C82-4E23-8274-257254BF729E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1sandbox.exe No File
FirewallRules: [{35F70A29-BE37-4140-977B-FA4726385DF0}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{63EFCE3B-EFFE-4686-BD84-4E8318A16A87}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1capture.exe No File
FirewallRules: [{1051BA62-C267-4506-8C21-30088E14074C}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F614331A-D0D5-4542-B9A9-DA557EE0D6C6}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2018\on1 photo raw 2018.exe No File
FirewallRules: [{F0295F0F-85D4-4554-B3AF-893FB77414B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{8A1B1CB5-E93D-4CE5-BD55-93384AAD9EF1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{68FD5875-AB16-4B73-866E-0FDAA21B88F4}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [UDP Query User{F5A1BA6C-C456-4E11-9357-B01CF09840BC}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{306B9756-D585-4046-85CB-5779A0470EC4}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [{A710A770-E3F8-422A-87D7-2BADDBB83176}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> DearMob)
FirewallRules: [TCP Query User{E0311600-CFE6-4EE0-9FE4-5F080D548139}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [UDP Query User{7372B4B5-E4B1-40DF-AAAB-591E3BED6389}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe No File
FirewallRules: [{12C793FA-308C-483E-A837-D55A23A9B9E0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C74F49EA-15F3-4ACA-8D9D-E1F65FF23CE5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7DC66632-EE26-4ACB-BF46-A41F6ED806C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBC7321D-2567-4F07-BBDF-C0EED41F366B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{598BCAC5-24BA-4A8F-B292-723951BB6926}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
 
==================== Restore Points =========================
 
11-02-2019 12:58:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2019 02:17:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/14/2019 02:13:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/14/2019 02:12:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1baa6491-6624-4799-9cee-bfb6528bc104}
 
Error: (02/14/2019 12:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service 5KPlayer-HalPC._airplay._tcp.local. port 8080.
 
Error: (02/14/2019 12:08:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service 5KPlayer-HalPC._airplay._tcp.local. port 8080.
 
Error: (02/14/2019 12:06:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service 5KPlayer-HalPC._airplay._tcp.local. port 8080.
 
Error: (02/14/2019 12:05:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service 5KPlayer-HalPC._airplay._tcp.local. port 8080.
 
Error: (02/14/2019 12:04:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service 5KPlayer-HalPC._airplay._tcp.local. port 8080.
 
 
System errors:
=============
Error: (02/14/2019 02:21:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/14/2019 02:20:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/14/2019 02:20:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/14/2019 02:19:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/14/2019 02:19:12 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (02/14/2019 02:17:53 PM) (Source: DCOM) (EventID: 10010) (User: HALPC)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca did not register with DCOM within the required timeout.
 
Error: (02/14/2019 02:12:21 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/14/2019 02:10:35 PM) (Source: DCOM) (EventID: 10016) (User: HALPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HalPC\Rick SID (S-1-5-21-1630993411-145381888-747447847-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2019-01-23 05:22:38.485
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.458
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.405
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.392
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.3.21\BuShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-01-23 05:22:38.269
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 35%
Total physical RAM: 8125.09 MB
Available physical RAM: 5208.75 MB
Total Virtual: 16317.09 MB
Available Virtual: 13332.74 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:457.31 GB) (Free:386.11 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.31 GB) (Free:457.12 GB) NTFS
 
\\?\Volume{b096842d-7d80-4c4a-8eb4-e5827b8055db}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{f6bcedad-eb04-46fa-b9ae-76917f8a3f45}\ (Push Button Reset) (Fixed) (Total:16.08 GB) (Free:1.17 GB) NTFS
\\?\Volume{dab56a16-f60a-48f0-ab2f-c837a014a40d}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3456572E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Regards

#9
Joeicam

  • Malware Removal
  • 1,282 posts

Great, thanks for providing those logs. What did Revo say when you tried uninstalling that program? Did it say it was successful or give you any problems? 


#10
Rickles

  • Topic Starter
  • Member
  • 532 posts

Hi Joe,

 

It just said that an uninstaller could not be found.

 

So I then scrolled down on your instructions and continued with Fix with FRST.

 

I encountered no problems following the instructions and all went smoothly.

 

Regards


#11
Joeicam

  • Malware Removal
  • 1,282 posts
Hi Rickles,
 

It just said that an uninstaller could not be found. So I then scrolled down on your instructions and continued with Fix with FRST.

Great, thanks for providing that additional information. In the future, please include things like this. The more the merrier :)
 
A few questions for you:
1. How is your computer performing after that initial FRST fix?
2. How is Chrome performing? I ask because I've read that sometimes Chrome can act up, based on the Malwarebytes pop-up window.
 
Step 1 of 2: Clean with AdwCleaner
 
Download AdwCleaner from here. Save the file to the desktop.
 
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
1_zpsclfmckom.png
  • Click the Scan Now button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Scan results - "Clean & Repair" will remove the selected threats from your computer.
  • Click the Clean & Repair button.
  • Everything checked will be moved to Quarantine.
  • Click on Clean & Restart Now
2_zpscbfj5wbw.png
 
On reboot a screen similar to the one below will be displayed.
3_zpsezrlgpjf.png
 
Click on "View Log File" and copy/paste that in your next reply, or if no restart was required, click on "Log Files", double-click on the most recent file, and copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\Logs\AdwCleaner[C00].txt
 
Step 2 of 2: Re-Scan with FRST
  • Right-click the FRST application and select run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.
 
 
===============================================
 
When you reply to me, I need to see:
  • Any questions/concerns you might have, or if you were not able to complete any of the steps above
  • The copied and pasted results of the AdwCleaner text file
  • The copied and pasted results of the FRST.txt and Addition.txt files
 
 
 
 

#12
Rickles

  • Topic Starter
  • Member
  • 532 posts
 
Hi Joe,
 
My apologies for the error earlier.
 
 
1. How is your computer performing after that initial FRST fix?  The pop up is not coming up as much.
 
2. How is Chrome performing? I ask because I've read that sometimes Chrome can act up, based on the Malwarebytes pop-up window. Chrome is working well but I am not worried about ditching it if there is a better browser.
 
I noticed that when I Right Click on a Folder I can see the 百度网盘 is there but it is only on the desktop Folders, see photo.
 
Regards

Attached Thumbnails

  • w.jpg

#13
Joeicam

  • Malware Removal
  • 1,282 posts
Hi Rickles,
 
How is your computer performing after that initial FRST fix?  The pop up is not coming up as much.

Great to hear!

 

Chrome is working well but I am not worried about ditching it if there is a better browser.

Okay, also great to hear. Chrome is fine, I'm currently using it myself :).

 

I noticed that when I Right Click on a Folder I can see the 百度网盘 is there but it is only on the desktop Folders, see photo.

Interesting. Have you used the program for anything in the past?

 

Please continue with Steps 1 and 2 in my previous post :), post #11.


#14
Rickles

  • Topic Starter
  • Member
  • 532 posts

I keep getting this popup when I try to reply. Regards

Attached Thumbnails

  • Untitled.jpg

#15
Rickles

  • Topic Starter
  • Member
  • 532 posts
I shall try the logs one at a time.
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-15.6 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-16-2019
# Duration: 00:00:18
# OS:       Windows 10 Home
# Scanned:  31826
# Detected: 6
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.CompuClever        C:\Users\Rick\AppData\Roaming\CompuClever
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AmazonAssistant    HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
PUP.Optional.AmazonAssistant    HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy             MSN Homepage & Bing Search Engine
PUP.Optional.Legacy             MSN Homepage & Bing Search Engine
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Attached Thumbnails

  • M1.jpg
  • M2.jpg
