Thanks, here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Kwong (administrator) on KWONGCHANG-PC (01-02-2018 09:13:50)
Running from C:\Users\Kwong\Desktop
Loaded Profiles: Kwong (Available Profiles: Kwong)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\IN0XRCV.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SS0XRCV.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Applied Systems, Inc.) C:\Users\Kwong\AppData\Local\Apps\2.0\R7V3M6OG.QDR\QZ9DNJRC.WK7\appl..tion_91ebb94d4de0a4e5_0001.0002_5d0bee18fda4dab7\AppliedOnlineUploadCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [IN0XRCV] => C:\Windows\system32\spool\drivers\x64\3\IN0XRCV.exe [102400 2006-10-19] (SHARP CORPORATION)
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [SS0XRCV] => C:\Windows\system32\spool\drivers\x64\3\SS0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Applied TAMOnline (2).lnk [2015-10-07]
ShortcutTarget: Applied TAMOnline (2).lnk -> C:\Users\Kwong\Documents\VTAM1TAMOnline.RDP ()
InternetURL: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Solutions Webmail.website -> URL: hxxps://webmail.networksolutionsemail.com/edgedesk/cgi-bin/global.exe?id=018ba005b1f9993d8b12852f8007540f2b29&xsl=sso.xsl
Startup: C:\Users\Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pleasant Log.doc - Shortcut.lnk [2017-02-15]
ShortcutTarget: Pleasant Log.doc - Shortcut.lnk -> C:\Users\Kwong\Desktop\Pleasant Log.doc ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{19550974-7148-45F2-824D-08A491D5376E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5D791FDA-61B7-4A36-AFF6-A7BEB976ED58}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{F3B3039B-9D6A-4152-9DFD-4F58BD0B5BFA}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B63A792B-1D29-4544-812B-5954D843763C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2726765177-3793255156-395904341-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-31] (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://gis.ci.fremont.ca.us/public/install/mgaxctrlsp1.cab
FireFox:
========
FF DefaultProfile: o0026yy1.default-1517017002407
FF ProfilePath: C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407 [2018-02-01]
FF Homepage: Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407 -> www.google.com
FF Extension: (uBlock Origin) - C:\Users\Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\o0026yy1.default-1517017002407\Extensions\[email protected] [2018-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2726765177-3793255156-395904341-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kwong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Kwong\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-08-16] (Cisco WebEx LLC)
Chrome:
=======
CHR Profile: C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-10]
CHR Extension: (YouTube) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-10]
CHR Extension: (Sheets) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-02]
CHR Extension: (Gmail) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\Kwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-08]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8422760 2011-10-05] (DisplayLink Corp.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.0.32700.0.sys [17408 2012-12-19] (hxxp://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S1 MpKsl84621d77; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC27264D-4830-4FFF-8322-8B5A0AA58795}\MpKsl84621d77.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-01 09:13 - 2018-02-01 09:16 - 000015270 _____ C:\Users\Kwong\Desktop\FRST.txt
2018-02-01 09:13 - 2018-02-01 09:13 - 002393088 _____ (Farbar) C:\Users\Kwong\Desktop\FRST64.exe
2018-01-31 14:23 - 2018-01-31 17:18 - 003054614 _____ C:\Users\Kwong\Desktop\2018-01-31 Quote.pdf
2018-01-25 17:17 - 2018-01-25 17:17 - 000081398 _____ C:\Users\Kwong\Desktop\2012-2013 WC Policy (Gospel Ops).pdf
2018-01-19 10:40 - 2018-01-19 10:40 - 000172528 _____ C:\Users\Kwong\Desktop\Domain Names, Web Hosting and Online Marketing Services _ Network Solutions.pdf
2018-01-19 09:42 - 2018-01-19 09:42 - 000009992 _____ C:\Users\Kwong\Desktop\HA00151852144 (2018 REN).pdf
2018-01-19 09:41 - 2018-01-19 09:41 - 000009945 _____ C:\Users\Kwong\Desktop\HA00151852143 (2017 REN).pdf
2018-01-11 16:29 - 2018-01-11 16:29 - 000032079 _____ C:\Users\Kwong\Desktop\FormGenerationServlet.pdf
2018-01-09 14:18 - 2018-01-09 14:18 - 000044423 _____ C:\Users\Kwong\Desktop\6.pdf
2018-01-05 15:33 - 2018-01-30 11:07 - 000000000 ____D C:\Users\Kwong\Desktop\TSE
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-01 09:13 - 2017-08-30 13:52 - 000000000 ____D C:\FRST
2018-02-01 09:07 - 2012-12-20 10:41 - 000000000 ____D C:\Users\Kwong\AppData\Local\Deployment
2018-02-01 09:06 - 2016-12-06 09:06 - 000000000 ____D C:\Users\Kwong\AppData\LocalLow\Mozilla
2018-02-01 09:04 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 17:29 - 2017-09-08 14:39 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2018-01-31 17:18 - 2012-12-20 12:28 - 000000000 ____D C:\Users\Kwong\AppData\Local\CutePDF Writer
2018-01-31 16:24 - 2017-09-08 14:39 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job
2018-01-31 09:30 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-31 09:30 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 09:11 - 2017-10-12 08:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-29 09:11 - 2012-12-21 17:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-23 10:58 - 2010-11-20 19:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 17:36 - 2012-10-26 11:39 - 000000000 ____D C:\Users\Kwong
2018-01-19 13:58 - 2017-06-27 11:29 - 000000000 ____D C:\Users\Kwong\AppData\Roaming\iMazing
2018-01-18 10:11 - 2017-07-10 13:16 - 000000000 ____D C:\Users\Kwong\AppData\Local\GoToMeeting
2018-01-18 10:11 - 2015-07-02 14:08 - 000003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000
2018-01-18 10:11 - 2015-07-02 14:08 - 000003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000
2018-01-12 14:38 - 2012-12-26 09:15 - 000000000 ____D C:\Users\Kwong\Documents\Outlook Files
2018-01-12 14:38 - 2012-12-19 20:19 - 000000000 ____D C:\Users\Kwong\Documents\Mail Archives
2018-01-09 10:51 - 2017-11-30 15:28 - 000004484 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-09 10:51 - 2015-06-04 08:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 10:51 - 2012-10-05 01:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 10:51 - 2012-10-05 01:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 10:51 - 2012-10-05 01:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 10:51 - 2012-10-05 01:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 10:01 - 2012-12-28 14:24 - 000000000 ____D C:\ProgramData\ThumbsPlus
2018-01-09 09:49 - 2012-12-28 14:25 - 000000000 ____D C:\Users\Kwong\AppData\Roaming\ThumbsPlus
2018-01-09 09:24 - 2016-11-10 17:05 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2012-12-11 17:47 - 2012-12-11 17:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe
2012-12-12 14:14 - 2012-12-12 14:14 - 000001855 _____ () C:\Users\Kwong\AppData\Roaming\CheckOSandLaunch.exe.config
2014-11-05 09:35 - 2014-11-05 09:35 - 000002316 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTP.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000001766 _____ () C:\Users\Kwong\AppData\Roaming\HKCRHTTPS.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000099010 _____ () C:\Users\Kwong\AppData\Roaming\HKCUIS.reg
2014-11-05 09:36 - 2014-11-05 09:36 - 000008920 _____ () C:\Users\Kwong\AppData\Roaming\HKCUMAIN.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000001346 _____ () C:\Users\Kwong\AppData\Roaming\HKCUNW.reg
2014-11-05 09:36 - 2014-11-05 09:36 - 000000662 _____ () C:\Users\Kwong\AppData\Roaming\HKCUPF.reg
2014-11-05 09:35 - 2014-11-05 09:35 - 000024032 _____ () C:\Users\Kwong\AppData\Roaming\HKCUTAB.reg
2017-03-21 08:17 - 2017-03-21 08:17 - 000000000 _____ () C:\Users\Kwong\AppData\Local\{93D3AA8F-D0E9-4774-B2A4-95F4BE620C77}
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-30 12:51
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Kwong (01-02-2018 09:16:39)
Running from C:\Users\Kwong\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-10-26 19:39:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2726765177-3793255156-395904341-500 - Administrator - Disabled)
Guest (S-1-5-21-2726765177-3793255156-395904341-501 - Limited - Disabled)
Kwong (S-1-5-21-2726765177-3793255156-395904341-1000 - Administrator - Enabled) => C:\Users\Kwong
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version: - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
arc_setup_west (HKLM-x32\...\{C2CFBD0F-B632-417B-9656-3DF8D7C7D475}) (Version: 1.0 - InstallAware Software Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7820N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DisplayLink Core Software (HKLM\...\{24710201-55DB-4C7C-963A-5BE230098E24}) (Version: 6.0.34621.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{E970DFED-0D14-4937-A887-0F1346707321}) (Version: 6.0.34689.0 - DisplayLink Corp.)
Driving Recorder Player (HKLM-x32\...\{197DB879-DBD3-41CD-8550-2FF7F06C83C9}) (Version: 1.0.4898.21771 - Archlink Technology Corporation)
Driving Recorder Player (HKLM-x32\...\{D329F868-66B6-4F03-BE4E-57413957188E}) (Version: 1.0.5728.20341 - Archlink Technology Corporation)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
iMazing 2.2.8.0 (HKLM\...\iMazing_is1) (Version: 2.2.8.0 - DigiDNA)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 58.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 58.0 (x86 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oce cm2510/4010 Series PC-Fax Driver (HKLM-x32\...\Oce cm2510 4010 Series PC-Fax Driver) (Version: 1.00.000 - Oce)
Oce cm2510/4010 Series PCL/PS Printer Driver (HKLM-x32\...\Oce cm2510/4010 Series PCL PS Printer Driver) (Version: 1.00.000 - Oce)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.4.0.0 - den4b Team)
Revo Uninstaller 1.85 (HKLM-x32\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{7A1354BD-FD99-414A-AA13-C6E9F4DB8BD8}) (Version: 4.6.01.09 - triCerat, Inc.)
SHARP Driver Uninstall Tool (HKLM-x32\...\SHARP Driver Uninstall Tool) (Version: 1.0.0.0 - SHARP CORPORATION)
SHARP MX-2310/2010/2610/3110/3610 Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX-2610/3110/3610/4110/5110 Series PC-Fax Driver (HKLM-x32\...\SHARP MX-2610 3110 3610 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version: - 2BrightSparks)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.3.13.0 - 2BrightSparks)
ThumbsPlus (HKLM-x32\...\{9D7C721E-9861-4994-A91E-2E219CC4A7FD}) (Version: 9.0.0.3920 - Cerious Software Inc.) Hidden
ThumbsPlus (HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\ThumbsPlus) (Version: - Cerious Software Inc.)
Travelers AgentBrowserConfiguration (HKLM-x32\...\{15E5B0F4-3E84-4EB1-B5C9-EC618B339FD6}) (Version: 1.0.55.0 - Travelers, Inc.)
VChannelClient (HKLM-x32\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-09-12] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {0CC42227-366B-4162-AA41-6073CCEFC6C4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {0DF9C426-5517-45EE-8F88-6E007C472BCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2796FA55-D57F-4421-B3C5-132F0F3A5ED5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {2796FA55-D57F-4421-B3C5-132F0F3A5ED5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {4B258667-A8AA-4CDB-A50A-B17EA1D83CB3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {753EAA4F-3634-4D00-9F8E-3725AD4D86F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {925065EA-9C8C-4C37-B879-95C3F5725F3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {97B20DCE-D8AD-4B1B-BA22-7131122E11AB} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {9D46A589-E60B-4DF8-B5FB-BC2BBC52DF8F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9D46A589-E60B-4DF8-B5FB-BC2BBC52DF8F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {A6AD2451-9CFD-4490-B96D-211559EF2201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B6607889-7BEE-4D81-ADB8-4A5CC7208E6A} - System32\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-18] (LogMeIn, Inc.)
Task: {C2C4BF10-BFCB-436C-8996-FE7397AF84F0} - System32\Tasks\{C38373DC-3F42-45E9-9D07-8C1F74540BDE} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {D11CB6C1-6BDA-45C3-85B7-83E467691304} - System32\Tasks\{F767F846-DFE5-430A-B318-CE69AE9CEA1C} => C:\Users\Kwong\Desktop\IE11-Windows6.1-x64-en-us.exe
Task: {E105279E-1290-4F58-B548-FDBCF2DE4F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E47EFA4E-3D2D-48DF-8036-B98FD69C1EC0} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe
Task: {F76B2136-3462-47FA-A1DE-64BA80FF3515} - System32\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000 => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-18] (LogMeIn, Inc.)
Task: {FD5DCE66-BB04-41B3-9CFE-EA7D67746298} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FD5DCE66-BB04-41B3-9CFE-EA7D67746298} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2726765177-3793255156-395904341-1000.job => C:\Users\Kwong\AppData\Local\GoToMeeting\8199\g2mupload.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-10-26 14:36 - 2009-11-05 07:40 - 000085504 _____ () C:\Windows\System32\cpwmon64.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-05 02:35 - 2011-06-10 10:36 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-09 02:05 - 2017-05-09 02:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 02:05 - 2017-05-09 02:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2012-10-26 14:37 - 2005-04-22 12:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 004297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Software\Classes\.scr: => <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\csespi.com -> spinn.csespi.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\isohomevalue.com -> isohomevalue.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\safeco.com -> hxxps://safeco.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxp://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelers.com -> hxxps://travelers.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxp://travelerspc.com
IE trusted site: HKU\S-1-5-21-2726765177-3793255156-395904341-1000\...\travelerspc.com -> hxxps://travelerspc.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2726765177-3793255156-395904341-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{CA6841FB-ED68-4BA6-9A26-C9BE1B763599}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{BCE76975-7798-4DCB-9304-6F7571AAD2D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{92C0C9CF-6A45-49EE-B9F3-55B6E8B2A00C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F472B530-5A0F-48E4-AE7D-920633B35CF7}] => (Allow) LPort=2869
FirewallRules: [{04A70910-C3A6-4F24-9059-9F9823E47749}] => (Allow) LPort=1900
FirewallRules: [{80466809-D1EA-474E-B840-4D0259F0640D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4F8A948D-C553-4B73-AC13-892FE35E41A2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E1B766CF-0017-40FE-8CF5-9364144C1FE5}] => (Allow) LPort=61117
FirewallRules: [{71ADF70D-538D-4774-8D15-56BFB11C81BA}] => (Allow) LPort=61116
FirewallRules: [{BCF45379-2452-486A-BA0D-7EF5EFABF893}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{EAFA016F-92D0-40B8-BE51-8A9705F458EC}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [UDP Query User{52507263-56A4-4BD2-94B5-213991BF7A51}C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\ss0xnjr.exe
FirewallRules: [TCP Query User{E4F22D58-35CE-4E05-9D5A-C2346C97C115}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9B8E092D-78BB-417D-8C74-DCEEBDEF6B1D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{91F590D9-CBC7-4190-8C16-BF93119685A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0748FE5-6DA0-4BD2-B2F2-E1E93807A3DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B10FFABC-821A-44F8-959F-F74DB34703D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE94C274-C86F-4223-86BB-D531DA0A6FDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2B418E4-A7E1-4D12-8E21-B0ACAF30F3CD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{805370A1-B3D2-4409-8004-69189EBFE94B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56C56AF7-B99B-43F2-93D8-343E3C4F0927}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D22085-531B-4F24-9BDC-2941E6EB20AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-01-2018 09:23:42 Windows Update
16-01-2018 08:38:08 Windows Update
19-01-2018 09:18:36 Windows Update
22-01-2018 10:37:55 Windows Update
25-01-2018 12:00:42 Windows Update
29-01-2018 09:22:54 Windows Update
==================== Faulty Device Manager Devices =============
Name: MpKsl84621d77
Description: MpKsl84621d77
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl84621d77
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2018 09:06:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/31/2018 09:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2018 08:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/29/2018 09:12:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/26/2018 09:11:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/25/2018 11:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/24/2018 09:09:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/24/2018 09:09:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mstsc.exe, version: 6.1.7601.18540, time stamp: 0x53c72529
Faulting module name: mstscax.dll, version: 6.1.7601.18918, time stamp: 0x55a004fd
Exception code: 0xc0000005
Fault offset: 0x00000000001a326c
Faulting process id: 0x%9
Faulting application start time: 0xmstsc.exe0
Faulting application path: mstsc.exe1
Faulting module path: mstsc.exe2
Report Id: mstsc.exe3
Error: (01/22/2018 10:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/19/2018 01:29:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
System errors:
=============
Error: (01/31/2018 09:18:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (01/31/2018 09:18:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/31/2018 09:18:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
Error: (01/31/2018 09:13:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/30/2018 03:48:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.
Error: (01/29/2018 09:12:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (01/26/2018 09:11:11 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (01/24/2018 09:08:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (01/24/2018 09:08:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
Error: (01/23/2018 08:30:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.
==================== Memory info ===========================
Processor: Intel® Core i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 89%
Total physical RAM: 1959.06 MB
Available physical RAM: 211.14 MB
Total Virtual: 3918.12 MB
Available Virtual: 1934.14 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:218.16 GB) (Free:112.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 4B1A5462)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================