CtrlAltDel screen regularly disappears without authorisation/accidenta


  • This topic is locked

#16
hmp3

  • Topic Starter
  • Member
  • 612 posts

I removed the OS id and registration info for privacy.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: [REDACTED FOR PRIVACY]
Windows Product Key Hash: [REDACTED FOR PRIVACY]
Windows Product ID: [REDACTED FOR PRIVACY]
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: [REDACTED FOR PRIVACY]
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr_escrow.190729-1700
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Ultimate 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Portable Program Files\INET\FirefoxPortableESR\App\Firefox64\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F922B31D-71F6-455C-B899-E2FA8F0E32A0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7CP3B</PKey><PID>00371-152-9567483-85587</PID><PIDType>5</PIDType><SID>S-1-5-21-1925592742-456944920-4000667399</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1201   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100224000000.000000+000</Date></BIOS><HWID>2E893407018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>3CC922513371778</Val><Hash>alih6XdL4xH+rREFKkk7F9oxh4o=</Hash><Pid>81608-956-7023252-65437</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: [REDACTED FOR PRIVACY]
Application ID: [REDACTED FOR PRIVACY]
Extended PID: [REDACTED FOR PRIVACY]
Installation ID: [REDACTED FOR PRIVACY]
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: [REDACTED FOR PRIVACY]
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 23/09/2019 22:06:25

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: QgAAAAEABAABAAEAAgAGAAAAAwABAAEACrZ42bqMhDSMJmhlRrziFDCOCoB39mF/ixmGB366hsXZJiorxIl8zOqC

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            022410        APIC1359
  FACP            022410        FACP1359
  HPET            022410        OEMHPET
  MCFG            022410        OEMMCFG
  OEMB            022410        OEMB1359
  OSFR            022410        OEMOSFR
  SSDT            DpgPmm        CpuPm


 




#17
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

It looks like part of the CKScanner log may have been cut off. Please post the contents of CKFiles.txt in your reply.

#18
hmp3

  • Topic Starter
  • Member
  • 612 posts

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
c:\program files\common files\native instruments\kontakt 4\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\digitoy crackle.ksd
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\native instruments\battery 3\presets\effects\convolution\small rooms\firecracker snare.b3p
c:\program files (x86)\native instruments\battery 3\presets\effects\strip-cell-ifx\snare cracker.b3p
c:\program files (x86)\waves mercury\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\User3\documents\izotope idrum content\kits\boom boom crack 104.idrum\boom boom crack 104.idrumproject
c:\users\User3\documents\izotope idrum content\kits\boom boom crack 104.idrum\desktop.ini
c:\users\User3\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\info.plist
c:\users\User3\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\pkginfo
c:\users\User3\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\resources\idrum.kit
c:\users\User3\documents\izotope idrum content\samples\snares\crack! snare.aif
c:\users\User1\documents\izotope idrum content\kits\boom boom crack 104.idrum\boom boom crack 104.idrumproject
c:\users\User1\documents\izotope idrum content\kits\boom boom crack 104.idrum\desktop.ini
c:\users\User1\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\info.plist
c:\users\User1\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\pkginfo
c:\users\User1\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\resources\idrum.kit
c:\users\User1\documents\izotope idrum content\samples\snares\crack! snare.aif
c:\users\User2\documents\izotope idrum content\kits\boom boom crack 104.idrum\boom boom crack 104.idrumproject
c:\users\User2\documents\izotope idrum content\kits\boom boom crack 104.idrum\desktop.ini
c:\users\User2\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\info.plist
c:\users\User2\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\pkginfo
c:\users\User2\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\resources\idrum.kit
c:\users\User2\documents\izotope idrum content\samples\snares\crack! snare.aif
c:\users\template\documents\izotope idrum content\kits\boom boom crack 104.idrum\boom boom crack 104.idrumproject
c:\users\template\documents\izotope idrum content\kits\boom boom crack 104.idrum\desktop.ini
c:\users\template\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\info.plist
c:\users\template\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\pkginfo
c:\users\template\documents\izotope idrum content\kits\boom boom crack 104.idrum\contents\resources\idrum.kit
c:\users\template\documents\izotope idrum content\samples\snares\crack! snare.aif
scanner sequence 3.ZZ.11.BAAAXB
 ----- EOF -----
 



#19
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Please send me a Personal Message with the contents of the MGA Diagnostics report.

#20
hmp3

  • Topic Starter
  • Member
  • 612 posts

Unfortunately, I had a problem with MBAM: when it automatically uninstalled to update, it caused a lot of hangs and other errors. MSE real-time protection was repeatedly off on bootup and froze for several minutes whenever I tried to enable it, only to boot up disabled again. I noticed Windows Defender was also off, and took even longer to enable, and was disabled again on bootup.

So I first uninstalled MBAM (difficult but successful), then tried to uninstall MSE using the Microsoft uninstaller (hoping a reinstall would repair it), but I couldn't uninstall because the antimalware service refused to stop; I even tried disabling its bootup and renaming it, but to no avail. I tried System Restore but MSE still wouldn't uninstall.

So I restored to a system drive backup 8 days old.

MBAM was fine, but I realised MSE does start with real protection off, but then when MBAM appears in the system tray, it re-enables.

I spent the day getting my pc back to the state it was before the MBAM issue, then I set MBAM not to check for program updates.

Then I re-did your first FRST fix (new fixlog.txt available on request).

I then tried to use MSFixIt to uninstall but it couldn't and asked me to download a troubleshooter (DIAG_MATS_NETWORK_global.diagcab), which found connection issues but couldn't fix them.

I would like to stick with Windows 7 beyond EOL, and I'll need to install a new AV to replace MSE, but won't be able to do that unless I can resolve Windows Defender (still off and hangs when I try to enable) and successfully uninstall MSE.

The last thing I did was MGADiag.exe and PM'd you the MgaDiag.exe results.


Edited by phickspc, 26 September 2019 - 05:56 PM.


#21
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

Please run a new scan with FRST and copy/paste both reports to your reply. (FRST.txt and Addition.txt)

#22
hmp3

  • Topic Starter
  • Member
  • 612 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2019
Ran by User1 (administrator) on NIV (28-09-2019 12:39:23)
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User3 & User2 & User1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Portable Program Files\INET\FirefoxPortableESR\FirefoxPortable.exe" -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Avid Technology, Inc. -> Avid Technology, Inc.) C:\Windows\SysWOW64\MAFWTray.exe
(BlackBerry Ltd. -> Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Portable Program Files\MSG\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
(Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(PeerBlock, LLC -> PeerBlock, LLC) C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe
(Rare Ideas, LLC -> PortableApps.com) C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe
(Sebastien.warin.fr) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Skwire Empire) [File not signed] C:\Portable Program Files\UTILITIES\kLED\kLED.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [754728 2019-08-26] (Acronis International GmbH -> )
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\MAFWTray.exe [254256 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\WORK\NaturallySpeaking14\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe [2480328 2019-09-25] (Malwarebytes Inc -> Malwarebytes Corporation)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [EPSON Stylus D92 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBZE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [PeerBlock] => C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe [2513992 2014-01-15] (PeerBlock, LLC -> PeerBlock, LLC)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [StreamWhatYouHear] => C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe [364032 2016-03-09] (Sebastien.warin.fr) [File not signed]
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-09-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.exe.lnk [2016-02-28]
ShortcutTarget: kLED.exe.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-12-22]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.lnk [2017-07-11]
ShortcutTarget: kLED.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-09-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThunderbirdPortable.exe.lnk [2019-06-13]
ShortcutTarget: ThunderbirdPortable.exe.lnk -> C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe (Rare Ideas, LLC -> PortableApps.com)
Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088B8578-F1E9-4E72-B263-4A2DA36BF64B} - System32\Tasks\{DB1241E9-6ECB-44CC-B724-7A04CD0810F6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {0F111F3F-03AD-42E2-801A-466ECE4E1CB3} - System32\Tasks\{887C1110-C5ED-4E7C-A980-3C0B6D2DC06D} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {2B912585-4655-4633-93A6-032023931D84} - System32\Tasks\{36674DC5-28BC-4011-A06F-C94F7D70D3B7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.85.112/en/abandoninstall?page=tsMain
Task: {2ED0EEF8-CBA1-4C74-B6AC-1D5658ED7C87} - System32\Tasks\{329C6536-59D9-4AB4-8D29-B034D57C5146} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {35462A02-EE83-4FB6-885F-4BEDE56AE37E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46FD89D8-EFB5-4792-82BE-3F2508097C32} - System32\Tasks\{D99CFF2F-7BA6-47F7-BF46-ED68A4B0F8C6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {49D5742A-B2D4-46F2-A1F8-9338B8F4AC63} - System32\Tasks\GoogleUpdateTaskMachineCore1cf826e5eb38d0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {4F5F4CC2-1260-4254-A723-0F0AD2C018B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {51EEFD20-43FB-4A59-82C0-404B3016C813} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5626C39C-4F4D-400D-9791-50051F225313} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {633E5843-662B-445E-97D8-66F81AEF7632} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {662F43B1-F324-47C0-B467-E123D3BCF53B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {68B5A1E7-A704-4EBF-9C68-B9B6C2B66A80} - System32\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {76312250-FAED-43D6-BB2B-93DA17A949BF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9537870B-FB18-4BCC-A520-14365287A819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {986FAA46-05C1-4BD4-96A2-94C22443135E} - System32\Tasks\{3362883A-034F-4055-96D0-908470C90366} => I:\VSTi Software\PIANO\pianitostudio.exe
Task: {9A3B0445-D00E-4473-8A83-E18DE717B0A3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D8DD398-0EE4-4D2E-9B06-433F6D9E20DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {BBD2BE3E-1523-4863-B874-B71AEDCAA360} - System32\Tasks\{E8903C49-EF76-4257-A723-778ADD211C92} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {D110944E-205A-4494-A573-B16F4B6B48D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {D3D1555C-4E38-459A-8473-471E23E21B0F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D7EC0C0C-1653-4558-8C4E-5249BA6A106A} - System32\Tasks\{20B784C2-3347-4E79-85C3-40CD3160C547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.22.85.109/en/abandoninstall?page=tsMain
Task: {D8AE400C-FA2A-4336-A372-0E9E4C4700D6} - System32\Tasks\EPSON Perfection V39 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {E7D82D8F-77E1-493E-890F-C84C702A484D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB5AE8B1-FFFF-4C83-B726-12AB536DB690} - System32\Tasks\{EFCB2B36-234C-446B-BD98-6595EF63956F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain
Task: {F0C7A64F-5252-4DF0-8594-C023D11063CE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON Perfection V39 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V39,ES010D.DAT /F:UpdateUser1ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{20DC78A3-BF1B-4E36-91C7-CE2E9A975D75}: [NameServer] 9.9.9.9,8.8.8.8
Tcpip\..\Interfaces\{20DC78A3-BF1B-4E36-91C7-CE2E9A975D75}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{238FBF41-957F-4B5C-B838-3AD6A3074AC5}: [DhcpNameServer] 209.222.18.222 209.222.18.218
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.115.60,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.248,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.


Internet Explorer:
==================
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\dgnriaie.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] (Research In Motion -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\npDgnRia2.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @citrixonline.com/appdetectorplugin -> C:\Users\User1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-07] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]
StartMenuInternet: FirefoxPortable - C:\Portable Program Files\INET\FirefoxPortableESR\FirefoxPortable.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] (Acronis, Inc -> )
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [236544 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 cfbackd; C:\Program Files (x86)\DISK\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [165440 2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MbaeSvc; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe [152264 2019-09-25] (Malwarebytes Inc -> Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-01-25] (Nalpeiron Ltd.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (pdfforge GmbH -> © pdfforge GmbH.)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1073664 2019-08-26] (London Trust Media Incorporated -> )
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328856 2019-07-12] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 Unchecky; C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe [297240 2018-04-16] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [343040 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104984 2016-01-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 axefx2load; C:\Windows\System32\Drivers\axefx2load.sys [55600 2013-07-12] (Fractal Audio Systems -> Cypress Semiconductor)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [50744 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.sys [153312 2019-09-25] (Malwarebytes Corporation -> Malwarebytes)
S3 fasusbaudio; C:\Windows\System32\DRIVERS\fasusbaudio_x64.sys [254464 2014-05-16] (Fractal Audio Systems -> )
S3 fasusbaudioks; C:\Windows\System32\DRIVERS\fasusbaudioks_x64.sys [46080 2014-05-16] (Fractal Audio Systems -> )
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-30] (Arainia Solutions, LLC -> Arainia Solutions LLC)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-08-08] (SurfRight B.V. -> )
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp. -> JMicron Technology Corp.)
R3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [140672 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-09-28] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2019-09-27] (北京铠信神州科技有限责任公司 -> )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] (ASUSTeK Computer Inc. -> )
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 pbfilter; C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\pbfilter.sys [22600 2014-01-15] (PeerBlock, LLC -> )
S3 RDID1053; C:\Windows\System32\Drivers\rdwm1053.sys [81792 2009-09-18] (Roland Corporation -> Roland Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [227296 2019-07-12] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [30208 2019-05-30] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-02-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64.sys [654720 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64.sys [943872 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 12:39 - 2019-09-28 12:40 - 000038919 _____ C:\Users\User1\Desktop\FRST.txt
2019-09-28 12:39 - 2019-09-28 12:39 - 000000000 ____D C:\Users\User1\Desktop\FRST-OlderVersion
2019-09-28 02:08 - 2019-09-28 02:08 - 000000000 ____D C:\Users\User1\Downloads\LivAgui
2019-09-27 15:40 - 2019-09-27 15:40 - 000000849 _____ C:\Users\User1\Desktop\POffc.lnk
2019-09-27 14:16 - 2019-09-27 14:21 - 000066560 _____ C:\Windows\dm_batch.bak
2019-09-27 14:16 - 2019-09-27 14:21 - 000000096 _____ C:\Windows\dm.dmap
2019-09-27 14:15 - 2019-09-27 14:15 - 000733080 _____ C:\Windows\system32\ndw-fre.exe
2019-09-27 14:15 - 2019-09-27 14:15 - 000021208 _____ C:\Windows\system32\MDA_NTDRV.sys
2019-09-27 13:58 - 2019-09-27 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 11
2019-09-27 13:00 - 2019-09-27 13:00 - 000000516 _____ C:\Users\User1\Desktop\¶-7QG.URL
2019-09-27 12:44 - 2019-09-27 12:44 - 000000000 ____D C:\Users\User1\AppData\Roaming\Thunderbird
2019-09-27 02:18 - 2019-09-27 02:18 - 000000640 ____H C:\Users\User1\Downloads\aJunk19.lnk
2019-09-27 00:37 - 2019-09-27 00:37 - 000000000 ____D C:\ProgramData\Office Genuine Advantage
2019-09-27 00:37 - 2019-09-27 00:37 - 000000000 ____D C:\MGADiagToolOutput
2019-09-26 20:12 - 2019-09-28 03:15 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla
2019-09-26 17:54 - 2019-09-26 17:58 - 000000000 ____D C:\Users\Public\Documents\HostsMan Backups
2019-09-26 17:54 - 2019-09-26 17:58 - 000000000 ____D C:\ProgramData\Documents\HostsMan Backups
2019-09-26 17:54 - 2019-09-26 17:54 - 000000000 ____D C:\Users\User1\AppData\Roaming\abelhadigital.com
2019-09-26 17:54 - 2019-09-26 17:54 - 000000000 ____D C:\ProgramData\abelhadigital.com
2019-09-26 17:15 - 2019-09-26 17:15 - 000000000 ____D C:\Users\User1\AppData\Roaming\Skype
2019-09-26 16:03 - 2019-09-26 16:03 - 000000000 ____D C:\Users\User1\AppData\Local\TileDataLayer
2019-09-26 16:03 - 2019-09-26 16:03 - 000000000 ____D C:\Users\User1\AppData\Local\Packages
2019-09-26 16:03 - 2019-09-26 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2019-09-26 14:04 - 2019-09-26 14:04 - 000000000 ___RD C:\Users\User1\Documents\Scanned Documents
2019-09-26 14:04 - 2019-09-26 14:04 - 000000000 ____D C:\Users\User1\Documents\Fax
2019-09-26 13:53 - 2019-09-26 13:53 - 000000000 ____D C:\Program Files\Bonjour
2019-09-26 13:53 - 2019-09-26 13:53 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-09-26 13:52 - 2019-09-26 18:12 - 000000000 ____D C:\ProgramData\Acronis
2019-09-18 16:09 - 2019-09-18 16:09 - 000000902 _____ C:\Users\User1\Desktop\#AcronisNEW.lnk
2019-09-18 15:06 - 2019-09-28 12:39 - 001616384 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2019-09-18 00:26 - 2019-09-18 00:26 - 000000224 _____ C:\Users\User1\Desktop\Toilets.URL
2019-09-16 01:26 - 2019-09-16 01:26 - 000001115 _____ C:\Users\User1\Desktop\D-d.lnk
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\Recycl.lnk
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\Computr.lnk
2019-09-09 13:56 - 2019-09-09 13:56 - 000001794 _____ C:\Users\User1\Desktop\AE.lnk
2019-09-08 22:55 - 2019-09-08 22:55 - 000000953 _____ C:\Users\User1\Desktop\Dwhelper.lnk
2019-09-08 18:47 - 2019-09-08 18:47 - 000000404 _____ C:\Users\User1\Desktop\Inet.lnk
2019-09-07 22:49 - 2019-09-07 22:49 - 000000091 _____ C:\Users\User1\Desktop\BestKRadios.url
2019-09-06 15:08 - 2019-09-06 15:08 - 000000990 _____ C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 12:39 - 2018-09-23 15:13 - 000000000 ____D C:\FRST
2019-09-28 12:37 - 2018-02-22 18:36 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-09-28 12:37 - 2009-10-25 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-28 12:35 - 2016-05-26 14:28 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-28 12:34 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-28 03:11 - 2017-11-22 20:33 - 000000000 ___RD C:\Users\User1\Desktop\BB&id
2019-09-28 03:10 - 2016-06-07 16:10 - 000000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job
2019-09-28 03:01 - 2009-07-14 06:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-28 03:01 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-09-28 02:51 - 2016-02-19 17:00 - 000000913 _____ C:\Windows\Tasks\EPSON Perfection V39 Update.job
2019-09-27 22:50 - 2016-03-17 20:26 - 000000000 ____D C:\Users\User1\dwhelper
2019-09-27 17:06 - 2018-12-10 03:15 - 000000000 ____D C:\Program Files\Recuva
2019-09-27 13:58 - 2018-02-22 17:38 - 000000000 ____D C:\Program Files\MAINTENANCE
2019-09-27 13:41 - 2016-04-29 15:45 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2019-09-27 12:49 - 2009-07-14 05:45 - 000025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-27 12:49 - 2009-07-14 05:45 - 000025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-27 00:34 - 2016-02-07 22:29 - 000000000 ____D C:\Users\User1\AppData\Local\ElevatedDiagnostics
2019-09-27 00:25 - 2016-02-14 23:59 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-09-27 00:23 - 2016-02-06 23:02 - 000000000 ____D C:\Users\User2\AppData\LocalLow\Temp
2019-09-27 00:23 - 2010-03-24 15:39 - 000000000 ____D C:\Users\User3\AppData\LocalLow\Temp
2019-09-27 00:22 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-09-27 00:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-09-26 20:51 - 2019-05-16 19:25 - 000002896 _____ C:\Windows\Sandboxie.ini
2019-09-26 18:06 - 2016-02-14 19:43 - 000000000 ____D C:\Users\User1\AppData\Local\CrashDumps
2019-09-26 17:57 - 2009-07-14 03:34 - 000007106 _____ C:\Windows\system32\Drivers\etc\HOSTS.bak
2019-09-26 17:18 - 2019-05-19 16:42 - 000000000 ____D C:\Program Files\Sandboxie
2019-09-26 16:53 - 2016-02-08 17:36 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VIDEO
2019-09-26 16:52 - 2016-02-08 17:37 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOTATION
2019-09-26 16:49 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN
2019-09-26 16:48 - 2018-10-06 20:14 - 001265960 _____ C:\Users\User1\AppData\Local\GDIPFONTCACHEV1.DAT
2019-09-26 16:46 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET
2019-09-26 16:26 - 2016-02-13 22:22 - 000000000 ____D C:\Users\User1\AppData\Roaming\HandBrake
2019-09-26 16:16 - 2016-02-10 23:28 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BIZ
2019-09-26 16:15 - 2016-02-09 18:48 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMG
2019-09-26 16:15 - 2016-02-08 17:37 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO
2019-09-26 16:15 - 2016-02-08 17:36 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UTILITIES
2019-09-26 16:14 - 2016-02-08 17:37 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs
2019-09-26 16:13 - 2016-02-20 15:55 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSG
2019-09-26 16:09 - 2016-02-15 16:51 - 000000000 ____D C:\Portable Program Files
2019-09-26 16:07 - 2009-10-25 23:42 - 000001024 _____ C:\Windows\demdata.txt
2019-09-26 16:05 - 2009-10-25 23:32 - 000000000 ____D C:\Program Files (x86)\Native Instruments
2019-09-26 14:05 - 2018-03-26 23:48 - 000000000 ____D C:\Users\User1\AppData\Roaming\Thinstall
2019-09-26 14:03 - 2009-10-26 12:17 - 000000000 ____D C:\Program Files (x86)\Guitar Pro 5
2019-09-26 13:53 - 2012-02-25 12:54 - 000371144 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2019-09-26 03:05 - 2016-02-07 22:22 - 000000000 ____D C:\Users\User1
2019-09-18 14:09 - 2016-02-11 00:53 - 000168015 _____ C:\ads_err.adt
2019-09-16 15:47 - 2018-12-18 01:29 - 000000000 ____D C:\Users\User1\Documents\OneNote
2019-09-16 00:01 - 2018-09-04 01:43 - 000000000 ____D C:\Users\User1\AppData\Local\SquirrelTemp
2019-09-13 23:09 - 2012-02-22 19:19 - 000766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-13 13:44 - 2019-05-17 17:16 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-13 13:43 - 2011-05-29 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-13 01:53 - 2016-02-07 22:30 - 000023636 _____ C:\Users\User1\Documents\Layout 1280 x 1024.dtr
2019-09-13 01:51 - 2016-02-07 22:39 - 000001696 _____ C:\Users\User1\Desktop\Gtr,Kar.lnk
2019-09-13 01:47 - 2016-02-07 22:39 - 000000615 _____ C:\Users\User1\Desktop\Aud.lnk
2019-09-13 01:42 - 2018-07-03 22:23 - 000000868 _____ C:\Users\User1\Desktop\InetCafes.lnk
2019-09-11 20:45 - 2018-01-29 14:04 - 000000904 _____ C:\Users\User1\Desktop\Music#NOW.lnk
2019-09-11 16:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-09-11 13:38 - 2018-03-13 19:44 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-11 13:38 - 2016-07-16 13:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-09-11 13:38 - 2012-08-08 17:04 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-11 13:38 - 2012-08-08 17:04 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-11 13:38 - 2012-02-12 14:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-10 02:03 - 2018-10-04 23:10 - 000022976 _____ C:\Users\User2\Documents\Layout 1280 x 1024.dtr
2019-09-09 13:56 - 2019-07-10 20:37 - 000001618 _____ C:\Users\User1\Desktop\FixShortcts.lnk
2019-09-09 13:55 - 2019-07-12 14:42 - 000013025 _____ C:\Users\User1\Desktop\ShortctMan.lnk
2019-09-09 02:27 - 2019-01-23 03:27 - 000001045 _____ C:\Users\User1\Desktop\Hoods.lnk
2019-09-08 20:59 - 2019-03-15 01:22 - 000000694 _____ C:\Users\User1\Desktop\GTAV100%.lnk
2019-09-08 20:49 - 2016-02-08 17:35 - 000001676 _____ C:\Users\User1\Desktop\StartMen2.lnk
2019-09-08 20:49 - 2016-02-08 17:35 - 000001295 _____ C:\Users\User1\Desktop\StartMen.lnk
2019-09-08 20:45 - 2016-02-07 22:39 - 000000730 _____ C:\Users\User1\Desktop\Biz.lnk
2019-09-08 20:02 - 2016-01-18 17:24 - 000000000 ____D C:\Program Files (x86)\UTILITIES
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\files
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\exceptions
2019-09-06 20:12 - 2016-02-14 00:38 - 000000000 ____D C:\Users\User1\AppData\Roaming\MacroCreator
2019-09-06 15:10 - 2019-03-01 17:50 - 000000000 ____D C:\Users\User1\AppData\Local\Private Internet Access
2019-09-06 15:08 - 2019-03-01 17:34 - 000000000 ____D C:\Program Files\Private Internet Access
2019-09-04 16:06 - 2019-07-11 14:14 - 000000000 ____D C:\Users\User1\AppData\Roaming\MusicBrainz
2019-09-04 14:53 - 2018-12-17 02:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\FreeFileSync
2019-09-01 16:54 - 2019-08-02 23:05 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16

==================== Files in the root of some directories ================

2009-10-26 11:48 - 2009-10-26 11:48 - 000000604 ____H () C:\Program Files (x86)\STLL Notifier
2016-02-07 22:30 - 2010-04-17 16:14 - 000000052 _____ () C:\Users\User1\AppData\Roaming\Culture Prefs
2016-08-29 16:06 - 2016-08-29 16:06 - 000000112 _____ () C:\Users\User1\AppData\Roaming\JP2K CS6 Prefs
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.Exception.log
2016-02-11 00:49 - 2016-03-19 22:56 - 000006217 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-02-21 20:26 - 2016-11-17 22:59 - 000001475 _____ () C:\Users\User1\AppData\Roaming\SAS7_000.DAT
2016-02-18 01:11 - 2016-02-18 01:11 - 000000096 _____ () C:\Users\User1\AppData\Roaming\version2.xml
2016-02-10 15:22 - 2012-02-26 20:40 - 000037814 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO1033.acl
2016-02-10 15:22 - 2014-03-14 23:09 - 000000110 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO2057.acl
2016-02-10 15:22 - 2016-01-24 21:29 - 000000030 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO3081.acl
2019-07-08 00:57 - 2017-07-16 14:49 - 000000218 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2016-02-07 22:29 - 2018-01-15 17:09 - 000007603 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-26 15:09
==================== End of FRST.txt ============================



#23
hmp3


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by User1 (28-09-2019 12:41:02)
Running from C:\Users\User1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2009-10-24 16:18:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925592742-456944920-4000667399-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1925592742-456944920-4000667399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925592742-456944920-4000667399-1002 - Limited - Enabled)
User3 (S-1-5-21-1925592742-456944920-4000667399-1003 - Administrator - Enabled) => C:\Users\User3
User1 (S-1-5-21-1925592742-456944920-4000667399-1008 - Administrator - Enabled) => C:\Users\User1
User2 (S-1-5-21-1925592742-456944920-4000667399-1006 - Administrator - Enabled) => C:\Users\User2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active@ KillDisk 11 (HKLM\...\{0218BA4B-0594-40E2-B3C6-40A859A348FF}_is1) (Version: 11 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{421E3900-59C7-8A50-C424-83CFFC1DB2B9}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyTrans for Android (HKLM-x32\...\{CE84DF95-1914-47BB-8055-847E28B605B9}) (Version: 6.3.5 - iMobie) Hidden
AnyTrans for Android (HKLM-x32\...\AnyTrans for Android 6.3.5) (Version: 6.3.5 - iMobie)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtsAcoustic Reverb 1.2.1 (HKLM-x32\...\ArtsAcoustic Reverb) (Version: 1.2.1 - ArtsAcoustic Vertrieb GbR)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Authy Desktop (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Axe-Edit 3.12.0 (HKLM-x32\...\{0B2FECD3-B4EF-4071-9546-7529D90BAA99}_is1) (Version:  - Fractal Audio)
BlackBerry 10 Desktop Software (HKLM-x32\...\{a0642dd3-1105-464b-84c8-caaf676c39c8}) (Version: 1.1.0.22 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.23 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.28 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Contents64 (HKLM\...\{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Corel VideoStudio Ultimate X8 (HKLM-x32\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 10 (FLAC 1.2.0) - Illustrate)
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp m4b Audio book Encoder (HKLM-x32\...\dBpoweramp m4b Audio book Encoder) (Version:  - )
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.2 - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Desktop Restore (HKLM\...\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}) (Version: 1.6.1 - JOConnell)
Disk Drill 2.0.0.338 (HKLM-x32\...\{91CF2A75-07FB-4CAF-AE14-2BE4EE77EF00}) (Version: 2.0.338 - CleverFiles)
Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
Earope Advanced Ear Training v1.65 (HKLM-x32\...\Earope Advanced Ear Training_is1) (Version:  - )
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
East West Boesendorfer 290 (HKLM-x32\...\East West Boesendorfer 290) (Version:  - )
East West Colossus (HKLM-x32\...\East West Colossus) (Version:  - )
East West EWQLSO Gold Edition (HKLM-x32\...\East West EWQLSO Gold Edition) (Version:  - )
East West EWQLSO PRO XP Brass (HKLM-x32\...\East West EWQLSO PRO XP Brass) (Version:  - )
East West EWQLSO PRO XP Percussion (HKLM-x32\...\East West EWQLSO PRO XP Percussion) (Version:  - )
East West EWQLSO PRO XP Strings (HKLM-x32\...\East West EWQLSO PRO XP Strings) (Version:  - )
East West EWQLSO PRO XP Woodwinds (HKLM-x32\...\East West EWQLSO PRO XP Woodwinds) (Version:  - )
East West HardcoreBass (HKLM-x32\...\East West HardcoreBass) (Version:  - )
East West Percussive Adventures 2 (HKLM-x32\...\East West Percussive Adventures 2) (Version:  - )
East West Ra (HKLM-x32\...\East West Ra) (Version:  - )
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version:  - )
East West Symphonic Choirs (HKLM-x32\...\East West Symphonic Choirs) (Version:  - )
East West Vapor (HKLM-x32\...\East West Vapor) (Version:  - )
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Enigma (HKLM-x32\...\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}) (Version: 1.2.0.0 - M-Audio)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Exif Pilot 5.4 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.4 - Two Pilots)
Extreme Sample Converter v3.5.3 (HKLM-x32\...\Extreme Sample Converter v3.5.3) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
Fix Shortcuts 1.2 (HKLM\...\Fix Shortcuts_is1) (Version:  - Puran Software)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Foxit PhantomPDF Business (HKLM-x32\...\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}) (Version: 7.3.0.118 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.2.0.9297 - Foxit Software Inc.)
Fractal Audio Systems USB Audio Driver v2.23.0 (HKLM-x32\...\Fractal Audio Systems USB Audio Driver v2.23.0) (Version: 2.23.0 - Fractal Audio Systems)
Fractal Audio Systems USB Driver Package 2014.06.06 (HKLM\...\{E992CC59-71FD-4199-B04E-6274F7439EA0}_is1) (Version: 2014.06.06 - Fractal Audio Systems)
Fractal-Bot 2.11.0 (HKLM-x32\...\{6DBF83F6-BE11-414D-82DC-58C414CACF35}_is1) (Version:  - Fractal Audio)
FreeFileSync 10.8 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.8 - FreeFileSync.org)
Garritan Instruments for Finale 2009 (HKLM\...\Garritan Instruments for Finale 2009_is1) (Version: v1.0.0.1 - Garritan)
Garritan Jazz Big Band (HKLM-x32\...\Garritan Jazz Big Band) (Version:  - )
Gnaural ver. 1.0.20110606 (HKLM-x32\...\Gnaural_is1) (Version:  - Bret Logan)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 8.37.0.10996 (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\GoToMeeting) (Version: 8.37.0.10996 - LogMeIn, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.25) (Version: 9.25 - Artifex Software Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HitmanPro 3.6 (HKLM\...\HitmanPro36) (Version: 3.6.1.163 - SurfRight B.V.)
ICA (HKLM-x32\...\{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool 64bit (HKLM-x32\...\{04d7bf4f-df2d-43f7-9ac0-0ecf85606989}) (Version: 4.1.3.35 - )
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
IPM_VS_Pro64 (HKLM\...\{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}) (Version: 18.0 - Corel Corporation) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - )
iZotope iDrum (HKLM-x32\...\iZotope iDrum_is1) (Version: 1.61 - iZotope, Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Jazz-Plugin (HKLM-x32\...\{4D91EBA9-1769-467B-982B-C0693147D353}) (Version: 1.5 - Jazz-Soft)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 13.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.5 - KLCP)
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Exploit version 1.13.1.117 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.117 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Market Samurai (HKLM-x32\...\{BCBB1378-B65A-6D5C-152B-FEF3AEEE7CA8}) (Version: 0.93.86 - Alliance Software Pty Ltd) Hidden
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.86 - Alliance Software Pty Ltd)
M-Audio FireWire 6.0.4 (x64) (HKLM\...\{D53342CB-8C24-4493-9E04-C35D09873DF5}) (Version: 6.0.4 - M-Audio)
MeldaProduction Audio Plugins 9 (HKLM-x32\...\MeldaProduction Audio Plugins 9) (Version:  - MeldaProduction)
Micrologus Musician Training Center 2.3.1.6 (HKLM-x32\...\Micrologus_Musician_Training_Center_is1) (Version: 2.3.1.6 - Micrologus.com)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mouse Manager (HKLM\...\Mouse Manager_is1) (Version: 1.3 - RealityRipple Software)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.1.3 - MusicBrainz)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Elektrik Piano (HKLM-x32\...\Native Instruments Elektrik Piano) (Version:  - )
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig v1.1.2 (HKLM-x32\...\Native Instruments Guitar Rig v1.1.2) (Version:  - )
Native Instruments Komplete 6 (HKLM-x32\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Kontakt 3 (HKLM-x32\...\Native Instruments Kontakt 3) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Pro-53 v3.02 (HKLM-x32\...\Native Instruments Pro-53 v3.02) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Orb Composer S (HKLM\...\{B8013ED0-0295-4945-B444-6C9BD5687CF2}_is1) (Version: 1.4.4 - Hexachords & Team V.R)
PC 73 Virtual Piano Keyboard (HKLM-x32\...\PC 73 Virtual Piano Keyboard) (Version:  - )
PC-50 Driver (HKLM\...\RolandRDID0053) (Version:  - Roland Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.1 - pdfforge GmbH)
Playlist Creator 3.6.2 (HKLM-x32\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
POP Peeper (HKLM-x32\...\POP Peeper) (Version:  - Esumsoft)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 1.4.0+03180 - London Trust Media, Inc.)
proDAD Mercalli 2.0 (64bit) (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.120 - proDAD GmbH) Hidden
Project SAM Symphobia 1.0 (HKLM-x32\...\{676FAD0D-40C3-4911-93E7-5C70C201ADEA}_is1) (Version:  - )
Pulover's Macro Creator version 4.1.3 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 4.1.3 - Rodolfo U. Batista)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rank Tracker Samurai (HKLM-x32\...\{F9BFB0DE-0DE9-A021-D4E3-E60BC77DEE9B}) (Version: 0.00.17 - Alliance Software Pty Ltd) Hidden
Rank Tracker Samurai (HKLM-x32\...\RankTrackerSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.00.17 - Alliance Software Pty Ltd)
RapidComposer (HKLM\...\RapidComposer_is1) (Version: 3.6.5 - MusicDevelopments & Team V.R)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Riffstation (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\{66bd4367-2215-46cb-a211-cbddfe321d39}) (Version: 1.6.3 - Sonic Ladder Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sandboxie 5.31.4 (64-bit) (HKLM\...\Sandboxie) (Version: 5.31.4 - Sandboxie Holdings, LLC)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Security Task Manager 1.7f (HKLM-x32\...\Security Task Manager) (Version: 1.7f - Neuber GmbH)
Setup (HKLM-x32\...\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (HKLM\...\{3BB9B652-3725-419E-869F-7A5F7FE82C28}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Skype version 8.23 (HKLM-x32\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version:  - )
Softube Tube-Tech PE 1C VST RTAS v1.0.1 (HKLM-x32\...\Softube Tube-Tech PE 1C_is1) (Version:  - )
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Stream What You Hear (SWYH) version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Streaming Video Recorder V5.1.3 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 5.1.3 - APOWERSOFT LIMITED)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.20 (HKLM\...\Sylenth1_is1) (Version:  - )
Sylenth1 v2.20 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
System Scheduler 4.35 (HKLM-x32\...\Windows Scheduler_is1) (Version:  - Splinterware Software Solutions)
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.0 - Bitdreamers)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Trilogy (HKLM-x32\...\Trilogy_is1) (Version:  - Spectrasonics, Inc.)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM-x32\...\TruePianos: Amber Module_is1) (Version:  - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM-x32\...\TruePianos: Diamond Module_is1) (Version:  - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM-x32\...\TruePianos: Emerald Module_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module_is1) (Version:  - 4Front Technologies)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoStudio MyDVD (HKLM-x32\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (HKLM-x32\...\{7EB40408-4144-4477-95B5-B80B02A1FB66}) (Version: 1.0.112 - Corel Corporation) Hidden
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Voxengo Marvel GEQ (HKLM\...\Voxengo Marvel GEQ_is1) (Version: 1.4 - Voxengo)
Voxengo Overtone GEQ (HKLM\...\Voxengo Overtone GEQ_is1) (Version: 1.11 - Voxengo)
VSClassic64 (HKLM\...\{C8686FE2-D759-4304-9791-66ED3C1A7789}) (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{4BBC9291-7961-42EE-9CDA-6EC4BD6EB782}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wave Arts Tube Saturator (HKLM-x32\...\Wave Arts Tube Saturator) (Version:  - )
Wave Arts Tube Saturator 64 (HKLM\...\Wave Arts Tube Saturator 64) (Version:  - )
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version:  - )
Waves Mercury Complete VST DX RTAS v1.01 (HKLM-x32\...\Waves Mercury Complete VST DX RTAS_is1) (Version:  - Waves Ltd.)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (01/16/2016 7.12.0.7723) (HKLM\...\E18EFCE3DA74D73E2828F3B3E53176B4E08B9418) (Version: 01/16/2016 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (08/11/2015 7.12.0.7723) (HKLM\...\FF579B3D0A1F64296C1D2BD5BE5728F02B42E927) (Version: 08/11/2015 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (04/05/2012 8.961.0.0000) (HKLM\...\66FF30DCFCACEE6BACEC2B23668C4F83C158922A) (Version: 04/05/2012 8.961.0.0000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (04/11/2016 1.0.145.40103) (HKLM\...\7DBA26E9A80D98472F1CF95A0767EB4949C8885D) (Version: 04/11/2016 1.0.145.40103 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (09/22/2015 1.0.144.2002) (HKLM\...\A841DAE23AACC3DE82C4ABD365CA02F42BD2D6BF) (Version: 09/22/2015 1.0.144.2002 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (12/08/2015 1.0.145.40101) (HKLM\...\DF633FC6C1775EA261113B0E3C4728D8B6204522) (Version: 12/08/2015 1.0.145.40101 - Alcor Micro, Corp.)
Windows Driver Package - AMD (amdkmpfd) System  (02/12/2015 15.20.0.0000) (HKLM\...\708AE871DE4DE98C022B914117B48025341D07B8) (Version: 02/12/2015 15.20.0.0000 - AMD)
Windows Driver Package - AMD (amdkmpfd) System  (07/24/2013 13.15.1.0001) (HKLM\...\EF70220A4FF8FBE3EC6338B797A142BC03FACCE7) (Version: 07/24/2013 13.15.1.0001 - AMD)
Windows Driver Package - ATK (MTsensor) System  (05/05/2009 1043.6.0.0) (HKLM\...\A1CE88ECEE452DF2F78DB201E0D9BED96DD08791) (Version: 05/05/2009 1043.6.0.0 - ATK)
Windows Driver Package - BlackBerry (RimUsb) RIMUSBBB  (08/21/2015 4.2.0.37) (HKLM\...\B55CD77E7DF02D898BAAEF952AD0A614BA6C130B) (Version: 08/21/2015 4.2.0.37 - BlackBerry)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive  (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Dell Inc. Monitor  (06/22/2005 1.0) (HKLM\...\591C1894C89A0FDEDDFFF2E6FF3906BDD14F5041) (Version: 06/22/2005 1.0 - Dell Inc.)
Windows Driver Package - EPSON Printer  (04/21/2009 6.3.9600.17415) (HKLM\...\50BCF590163ED91C75D0032CD403946293288A3F) (Version: 04/21/2009 6.3.9600.17415 - EPSON)
Windows Driver Package - Fractal Audio Systems (axefx2load) USB  (05/15/2011 1.0.0.9) (HKLM\...\6AEB8A42A154DE456DE5E467C01A582911CB5C6A) (Version: 05/15/2011 1.0.0.9 - Fractal Audio Systems)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\45E15243FF229D0F06670A5B262CA9C7887085F6) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\0D5FF16DF1EB1D79525FA3E61418108F8F3002E1) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\CAC45647A959F237CE25C052FDB9A4A914C34830) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\ED810FFB415BA44CFFBFDE4E3A80FA4D67842D61) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/31/2013 9.1.9.1006) (HKLM\...\B0CC38E1CE139A5179BF0F8255865BD29DA00B02) (Version: 07/31/2013 9.1.9.1006 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - JMicron Technology Corp. (JRAID) SCSIAdapter  (09/17/2012 1.17.65.11) (HKLM\...\39FCA3B1E44BB5B526E74F29B111ACB49ABC9017) (Version: 09/17/2012 1.17.65.11 - JMicron Technology Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (07/23/2015 10.0.0.1) (HKLM\...\4E0CA847D35A4DB0EBC8BA2B5254126B3D650579) (Version: 07/23/2015 10.0.0.1 - KYE System Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (09/09/2013 6.3.0.1) (HKLM\...\2D411C1C731F85B0AE8A713F3C27A67932A89369) (Version: 09/09/2013 6.3.0.1 - KYE System Corp.)
Windows Driver Package - Logitech (HidUsb) HIDClass  (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB  (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Microsoft (usbvideo) Image  (11/30/2011 4.00.271.0) (HKLM\...\038FE5C3ADC3253893A69B8C3731D30F61329D0D) (Version: 11/30/2011 4.00.271.0 - Microsoft)
Windows Driver Package - Realtek (RTL8167) Net  (01/07/2016 7.098.0107.2016) (HKLM\...\98646A049185AFF3261925EB9AF62F27CDE1973A) (Version: 01/07/2016 7.098.0107.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (04/22/2016 7.100.0422.2016) (HKLM\...\F8155F67753B825ABE617429CF7039CBBA40F662) (Version: 04/22/2016 7.100.0422.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (10/01/2015 7.097.1001.2015) (HKLM\...\68DA79C9547185B2A7523EB8E6D022500B2B3ACC) (Version: 10/01/2015 7.097.1001.2015 - Realtek)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925592742-456944920-4000667399-1008_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-07] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/UTILITIES/PDFCreator/PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DeskMenu] -> {7E74422F-2393-11D4-98E0-444553540000} => C:\Program Files (x86)\Desktop Restore\dkticnsr.dll [2010-11-12] (Jamie O'Connell) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\User1\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\User1\Desktop\PIAxTB.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\PIAxTB.bat ()
Shortcut: C:\Users\User1\Desktop\RV.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\TBxPIA.bat ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Service Center\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.de
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Pro-53\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST FX\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOTATION\Finale 2012\User Manual.lnk -> hxxp://www.finalemusic.com/UserManuals/Finale2012Win/Finale_Left.ht
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO\dBpoweramp Music Converter\Register dBpoweramp.lnk -> hxxp://www.dbpoweramp.com/dmc-power-register.htm

==================== Loaded Modules (Whitelisted) ==============

2019-07-20 16:04 - 2016-08-06 15:39 - 000008704 _____ () [File not signed] C:\Portable Program Files\MSG\ThunderbirdPortable\Data\profile\extensions\[email protected]\lib\tray_x86-msvc.dll
2015-03-19 12:22 - 2015-03-19 12:22 - 000094208 _____ () [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2018-05-02 23:24 - 2015-06-02 08:41 - 000721408 _____ (hxxp://lame.sf.net) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\libmp3lame.32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2016-02-09 18:41 - 2018-01-07 17:05 - 000120072 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2013-08-01 17:05 - 2013-08-01 17:05 - 000112128 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2015-01-29 11:04 - 2015-01-29 11:04 - 000004096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-09-28 12:35 - 001304404 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 s0.2mdn.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 view.atdmt.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com

There are 45662 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\VIDEO\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 9.9.9.9 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AcronisOSSReinstallSvc => 2
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Gizmo Central => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: UnsignedThemes => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avichannel => "C:\Program Files (x86)\MSG\Evaer Skype Recorder\videochannel.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Portable Program Files\MSG\SkypePortable\app\Skype.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\MAINTENANCE\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7276BF16-03F5-4092-A3D1-570910DD4CDA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{8F8F735E-BFC5-48F5-9AF9-4746E1A72AAA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{07275EB8-8FB1-4DF3-B4F8-4B7E33C9ACCB}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{3C903969-A203-40CA-826A-78C91D9E1532}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{0B0A8C75-21CB-4939-A973-27884781226F}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A63EFC61-80C6-41BC-B263-46EB789A6787}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FFFAC329-843D-4B4C-B378-0A26D2082DA1}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F2B13664-C0CF-443E-9323-7AA59C9AB5A3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{9C094317-857E-4BBC-ABB9-8A198EB7B074}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{FC49401F-BD2A-46B9-9CB4-8495B2152A11}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DB5BCCE7-A067-405E-B38B-7E9D59FF9185}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{615FD8E7-2A10-45B4-94A9-6CA6FA3E2058}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{52DE605D-52FD-4B65-9998-D9F50EC92171}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{49CC108C-A904-423A-AA0C-C5256BE16B45}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{805AA0FA-A7C3-4A40-A9E2-9FB7E6AD5A15}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{D330B362-FC43-4C0B-91D9-D6CF44A11010}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{298F4086-A4FB-4DE3-BE4B-1010ABEFB0ED}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{0C4C360E-D6B8-47AA-93FA-E9857C929244}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [UDP Query User{7A172613-B3B9-4631-94B4-E5DF36FBC873}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [{3087E63C-4B9E-4D3D-A0A6-624B649CFEBD}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{E6D4DB63-B282-491F-9160-38D68A199075}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{157548F2-8CD2-4C01-B2A4-E0FE96CB5669}] => (Allow) LPort=4481
FirewallRules: [{2C8E22DE-2466-40C4-9468-8E9B667382B5}] => (Allow) LPort=4481
FirewallRules: [{C3159DD3-9B90-4035-BFF7-A9B462A6330F}] => (Allow) LPort=4482
FirewallRules: [{338342B8-002B-4036-B79D-8EE470B8DC2B}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{BB619C23-5A2E-413B-8689-F0B8C9952A00}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{DF4C2ADE-C060-4500-9C05-48684BE02DB0}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{69C55611-E8C5-4EB0-9315-0DBA0AD4A0F2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{ACC4EFEA-F224-46A2-B2FA-B4D1AE2929C5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{CB17F21D-4110-469B-8103-EFD32DA4F380}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{B7B738EC-861B-4E84-A2E3-3A492788CCE8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{48522084-EB66-4CA8-8CF8-54448155AB5E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F344E7D2-10C0-49BA-AA68-6C0A4B29746A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{157959D6-1D39-43F6-86D1-C58930392CD9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E5BE19BB-D568-4159-ABCC-2441EA7DDAAA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9E20079-5963-4D5D-A159-8873F4B4A004}] => (Allow) LPort=51001
FirewallRules: [{2D88A4B8-537D-4EB1-89CD-35D7C086C4AD}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{5975E934-291C-4D87-BBEE-B618F75399B3}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{B4F7F1DE-E042-4936-8056-744A660845BF}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{454B83D7-43DA-4FA7-B24B-C7B6F098A569}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{873763AD-34CA-415E-8BC2-E89A4A5922ED}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{9CD42232-D5B6-4EDD-A209-10AC000F958A}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{B0322ADD-DDFC-4650-8D71-8BC08CB83843}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [UDP Query User{E2B20840-55EE-472D-B3BF-4E482492DA9D}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [{BFE91F25-39BD-493D-B176-67B41553ED0D}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{798DA693-3288-4535-B055-7430C20EF39B}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{A028EAFD-429E-4025-9DCB-04ACDACB27EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{B73BDB23-5B98-4503-8D53-DD8C83A8170E}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{AD330C0B-218B-4767-AE82-56E119736790}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{A04D3D64-8869-4FC6-B91F-19069314759C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{02E55126-479A-4BCB-B252-6CAB2E3B9696}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{C60BA495-AC36-4333-BDCE-AFD797E043EB}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{775A4488-04F9-4280-B1E1-E1291F59DED9}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{9E81C0A6-5FE0-4BA3-948F-9E0A1758BE2C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{4358C953-F11F-4740-B270-BCC54D258D23}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{705DAFDD-E2D8-43B2-AEF1-CA5A436CC0EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{6703B2D8-666F-4F00-96CB-54D555A9F495}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{B1F8B121-748F-4F2C-A3A8-10656F8B9908}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [TCP Query User{A19847BB-7071-445F-8BB6-42833E0CB59C}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{68D4689E-A0D2-40D0-A41E-95EE56FCFF3D}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [TCP Query User{7A3941F6-6713-4B21-A936-E2F344877BC7}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{C78E3762-3291-4065-A248-DF13ED0A075B}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [{A3C1A797-A089-436B-93FF-EC7C85C0BADE}] => (Allow) LPort=9098
FirewallRules: [{68B70A15-BAAF-499C-82A1-B53E33CB8028}] => (Allow) LPort=9098
FirewallRules: [{7A33D1EB-9D24-4AE5-AC91-91EB3D292026}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [{44C4D3B7-B7A4-49C5-AD58-DAC3B0EA4660}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [{897273A7-90AE-4EDD-8FF1-2CD28977DCB2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3517CF07-A1F0-44AB-8E3F-8BE9E746D616}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{55C4744E-1942-4D85-A839-480C21527E56}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe No File
FirewallRules: [UDP Query User{DA0BBAA8-9EFB-4A22-B8DA-B1D472F5A5DD}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe No File
FirewallRules: [TCP Query User{69E392CE-71CD-414A-BE81-C48A61641078}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EF1B4E72-08CD-469C-9F41-6047C0C68671}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C6902763-EB62-42DD-B94B-AEFF7BE3562E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59034DE5-54B8-4127-9F6B-9D833FE12ADE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3FB034B8-67D3-411A-99FF-F7EA825E9559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D8C1783-6F15-487C-9064-DA7C94118696}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBA10FC7-ECF6-4FF2-89C7-E1B51353C615}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome ()
FirewallRules: [{57128726-465D-441A-A325-92C3077350B8}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome ()

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.dvacm_vspx8] => C:\Program Files\VIDEO\Corel VideoStudio Ultimate X8\DVACM.acm [23552 2015-01-28] (Corel TW Corp.) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]

==================== Restore Points =========================

13-09-2019 23:08:36 Windows Update
18-09-2019 13:35:46 Windows Update
26-09-2019 13:05:55 Installed Microsoft Fix it 50692
26-09-2019 13:06:53 Windows Update
26-09-2019 14:03:10 Revo Uninstaller's restore point - Guitar Pro 5.2
26-09-2019 16:59:26 Revo Uninstaller's restore point - Sandboxie 5.30 (64-bit)
26-09-2019 18:04:25 Revo Uninstaller's restore point - Acronis True Image
27-09-2019 00:21:12 Pre-FRSTv1fixes
27-09-2019 00:22:29 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2019 11:57:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname NIV.local already in use; will try NIV-2.local instead

Error: (09/27/2019 11:57:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 NIV.local. Addr 169.254.224.69

Error: (09/27/2019 11:57:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.18:5353    4 NIV.local. Addr 192.168.0.18

Error: (09/27/2019 11:57:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 NIV.local. Addr 169.254.224.69

Error: (09/27/2019 11:57:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 02D5EA50 Our Record 3 lost: 003181A8    4 NIV.local. Addr 169.254.224.69

Error: (09/27/2019 11:57:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 02D5EA50 Pkt Record:        00302A90    4 NIV.local. Addr 192.168.0.18

Error: (09/27/2019 11:57:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 02D5EA50 Our Record 3 lost: 003181A8    4 NIV.local. Addr 169.254.224.69

Error: (09/27/2019 11:57:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 02D5EA50 Pkt Record:        00302A90    4 NIV.local. Addr 192.168.0.18


System errors:
=============
Error: (09/28/2019 12:37:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/27/2019 11:57:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:51:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:50:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:48:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:47:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (09/27/2019 11:47:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.


CodeIntegrity:
===================================

Date: 2016-02-08 22:18:56.284
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:18:56.206
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.481
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.387
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.140
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.046
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1201 02/24/2010
Motherboard: ASUSTeK Computer INC. P6T
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 39%
Total physical RAM: 12278.12 MB
Available physical RAM: 7488.2 MB
Total Virtual: 24554.38 MB
Available Virtual: 19768.13 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.76 GB) (Free:185.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (MEDIA) (Fixed) (Total:1863.01 GB) (Free:166.64 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 68FA4FB7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: B55D94AC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#24
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

Sorry for the delay.

Please let me know what issues persist with this computer.
  • 0

#25
hmp3

    Member

  • Topic Starter
  • Member
  • 612 posts

No worries. MSE still boots up with real-time off until MBAM loads. MSE still doesn't uninstall due to the antimalware service process refusing to close.

System restore works every other way, I don't know if it's working with the fix repair script you gave me.

The ctrl alt del screen still doesn't returns to desktop after awhile, but lock screen works fine.


  • 0



#26
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

---------------------------------------------------
Farbar Service Scanner

Download Farbar Service Scanner and save it to your desktop.
  • Right-click FSS.exe and select Run as Administrator.
  • Check the following boxes:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
---------------------------------------------------

In your next reply, please include:
  • FSS.txt

  • 0

#27
hmp3

    Member

  • Topic Starter
  • Member
  • 612 posts

Farbar Service Scanner Version: 27-01-2016
Ran by User1 (administrator) on 30-09-2019 at 15:48:01
Running from "C:\Users\User1\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#28
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt

  • 0

#29
hmp3

    Member

  • Topic Starter
  • Member
  • 612 posts

 Fix result of Farbar Recovery Scan Tool (x64) Version: 30-09-2019
Ran by User1 (01-10-2019 20:30:00) Run:2
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User3 & User2 & User1 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

*****************

Restore point was successfully created.

==== End of Fixlog 20:30:14 ====


  • 0

#30
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi phickspc,

FRST was able to create a restore point successfully.

MSE still doesn't uninstall due to antimalware service process refusing to close.


MSE and Malwarebytes should be able to run alongside each other. Are you attempting to uninstall MSE and use a different AV program?
  • 0





