
Fake popup 268D3 error may have disabled AdAware?

Comments

21 comments

  • Customer

    more info on this issue:

    After clearing the fake error message popup from my desktop (deleted IE temporary files, did End Task on several instances in Task Manager) I resumed web browsing.

     

    Shortly after logging into PrizeGrab.com the popups returned. I noticed a URL listed in the Task Manager applications window next to the listing for the offending IE explorer popup windows. That URL is pomonalick.com. I hope Lavasoft can add that to blocked domains.

     

    Ron

    0
  • Support

    Hi Ron,

     

    It seems that you have malware or adware on the computer that has blocked or damaged Ad-Aware. To get help with cleaning your computer, please follow the instructions in the topic Read This Before You Post! and I will move your topic to the forum Help with Stubborn Infections.

    0
  • Customer





    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017


    Ran by Ron (administrator) on SEMICHI (23-02-2017 06:50:50)


    Running from C:\Users\Ron\Desktop


    Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)


    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)


    Internet Explorer Version 11 (Default browser: Chrome)


    Boot Mode: Normal






    ==================== Processes (Whitelisted) =================




    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)




    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe


    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE


    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe


    (Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe


    (Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe


    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE


    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE


    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe


    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe


    () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe


    (Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe


    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe


    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe


    (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe


    (Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe


    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe


    (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe


    (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe


    () C:\UPS\WSTD\UPSNA1Msgr.exe


    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe


    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe


    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe


    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe


    () C:\UPS\WSTD\WSTDMessaging.exe


    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe


    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe


    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe


    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe


    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe


    (Microsoft Corporation) C:\Windows\splwow64.exe


    () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe


    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe


    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe


    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe


    (Microsoft Corporation) C:\Windows\System32\calc.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe


    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe


    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe


    (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe


    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe




    ==================== Registry (Whitelisted) ====================




    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)




    HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup


    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)


    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)


    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)


    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)


    HKLM-x32\...\Run: [] => [X]


    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.)


    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED


    HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()


    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)


    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)


    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)


    HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)


    HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)


    HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)


    HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)


    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)


    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)


    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe


    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)


    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22]


    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19]


    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30]


    ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09]


    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]


    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11]


    ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe ()


    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11]


    ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)


    Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14]


    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)


    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12]


    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)


    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29]


    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)


    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12]


    ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)


    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION




    ==================== Internet (Whitelisted) ====================




    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)




    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt


    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76


    Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76


    Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76


    Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1




    Internet Explorer:


    ==================


    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank


    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =


    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =


    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =


    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


    SearchScopes: HKLM -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


    SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox


    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


    SearchScopes: HKLM-x32 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


    SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms}


    SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=64107edb000000000000c0c1c06054e4


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms}


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=03F6F03584CC89083BDED950C8082D4F&q={searchTerms}


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {7C560F43-CF86-4D10-BF85-D534839184F1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {831AD50D-2C35-4C64-8FEE-E154A489B122} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =


    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =


    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)


    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)


    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)


    BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()


    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)


    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)


    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)


    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)


    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)


    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)


    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)


    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass)


    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)


    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)


    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)


    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass)


    Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()


    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)


    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File


    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)


    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)


    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File


    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File


    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab


    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab


    DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab


    DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB


    DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab


    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab


    DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab


    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074


    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)


    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC)


    Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC)




    FireFox:


    ========


    FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-23]


    FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed]


    FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed]


    FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-23]


    FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2014-08-20]


    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4luj5tdd.default -> Search the web (Babylon)


    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4luj5tdd.default -> blekko


    FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php


    FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=


    FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0


    FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\firefoxdav@icloud.com [2014-02-26] [not signed]


    FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\helper-sig@savefrom.net.xpi [2016-04-26]


    FF Extension: (Lavasoft Search Plugin) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-04] [not signed]


    FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2014-05-16] [not signed]


    FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\smile1Button@amazon.com.xpi [2014-06-20] [not signed]


    FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\support@lastpass.com [2014-08-20] [not signed]


    FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed]


    FF Extension: (Ad-Aware Security Add-on) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-10-08] [not signed]


    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4


    FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]


    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi


    FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19]


    FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26}


    FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed]


    FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi


    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()


    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]


    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)


    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]


    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()


    FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)


    FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)


    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]


    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)


    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)


    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)


    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)


    FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)


    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)


    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)


    FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)


    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)


    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)


    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)


    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.)


    FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)


    FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)




    Chrome:


    =======


    CHR DefaultProfile: Default


    CHR HomePage: Default -> hxxp://www.google.com/


    CHR StartupUrls: Default -> "hxxp://www.google.com/"


    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File


    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File


    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File


    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File


    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File


    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File


    CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)


    CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)


    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File


    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File


    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)


    CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]


    CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16]


    CHR Extension: (Honey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-22]


    CHR Extension: (Tampermonkey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-02]


    CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24]


    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-09]


    CHR Extension: (AVG Safe Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-10-14]


    CHR Extension: (SearchLock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2017-01-31]


    CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21]


    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]


    CHR Extension: (Lavasoft NewTab) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-16]


    CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]


    CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16]


    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]


    CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx


    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19]


    CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]


    CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20]


    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]




    ==================== Services (Whitelisted) ====================




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)


    S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)


    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)


    S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed]


    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)


    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)


    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)


    S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()


    S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]


    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)


    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]


    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]


    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)


    S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)


    S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)


    R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)


    S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()


    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)


    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)


    S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed]




    ===================== Drivers (Whitelisted) ======================




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]


    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)


    S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)


    R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)


    S4 LMIRfsClientNP; no ImagePath


    R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)


    S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)


    S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))


    S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation )


    R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] ()


    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-09-30] (SlimWare Utilities, Inc.)


    S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]


    S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]


    S3 dbx; system32\DRIVERS\dbx.sys [X]


    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]




    ==================== NetSvcs (Whitelisted) ===================




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)






    ==================== One Month Created files and folders ========




    (If an entry is included in the fixlist, the file/folder will be moved.)




    2017-02-23 06:50 - 2017-02-23 06:52 - 00046157 _____ C:\Users\Ron\Desktop\FRST.txt


    2017-02-23 06:50 - 2017-02-23 06:50 - 00000000 ____D C:\FRST


    2017-02-23 06:49 - 2017-02-23 06:49 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe


    2017-02-23 06:23 - 2017-02-23 06:23 - 00000165 ____H C:\Users\Ron\Desktop\~$PRIZEGRAB.xlsx


    2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft


    2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf


    2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies


    2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater


    2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware


    2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx


    2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt


    2017-02-07 17:15 - 2017-02-07 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox


    2017-02-06 21:38 - 2017-02-06 21:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe


    2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys


    2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys


    2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys


    2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs


    2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk


    2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk


    2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk


    2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth


    2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services


    2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm


    2017-01-31 21:27 - 2017-01-31 21:27 - 00001792 _____ C:\Users\Public\Desktop\iTunes.lnk


    2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes


    2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes


    2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod


    2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud




    ==================== One Month Modified files and folders ========




    (If an entry is included in the fixlist, the file/folder will be moved.)




    2017-02-23 06:49 - 2013-03-15 13:39 - 01000448 ___SH C:\Users\Ron\Desktop\Thumbs.db


    2017-02-23 06:29 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job


    2017-02-23 06:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job


    2017-02-23 06:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing


    2017-02-23 05:46 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod


    2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0


    2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0


    2017-02-22 21:15 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job


    2017-02-22 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor


    2017-02-22 15:39 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity


    2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro


    2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk


    2017-02-22 09:50 - 2015-09-09 08:50 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job


    2017-02-22 09:32 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps


    2017-02-22 09:32 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox


    2017-02-22 09:30 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive


    2017-02-22 09:30 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI


    2017-02-22 09:29 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection


    2017-02-22 09:26 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl


    2017-02-22 09:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT


    2017-02-21 03:20 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects


    2017-02-21 03:19 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla


    2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini


    2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI


    2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm


    2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon


    2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm


    2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS


    2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla


    2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS


    2017-02-16 23:14 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS


    2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale


    2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk


    2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk


    2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db


    2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon


    2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job


    2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES


    2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017


    2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9


    2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9


    2017-02-07 17:15 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox


    2017-02-07 15:22 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla


    2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk


    2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software


    2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio


    2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software


    2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite


    2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software


    2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software


    2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google


    2017-02-04 18:05 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron


    2017-02-03 02:18 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops


    2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk


    2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client


    2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death


    2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images


    2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple


    2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job


    2017-01-24 22:00 - 2015-06-24 10:49 - 00000000 ____D C:\TEMP




    ==================== Files in the root of some directories =======




    2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log


    2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe


    2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs


    2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat


    2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


    2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm


    2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND


    2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel


    2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg


    2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat


    2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag




    Files to move or delete:


    ====================


    C:\Users\Public\pass.dat


    C:\Users\Ron\en_res.dll


    C:\Users\Ron\es_res.dll


    C:\Users\Ron\fr_res.dll


    C:\Users\Ron\grm_res.dll


    C:\Users\Ron\it_res.dll


    C:\Users\Ron\jp_res.dll


    C:\Users\Ron\lyrics-finder.exe


    C:\Users\Ron\mfc80u.dll


    C:\Users\Ron\msvcr80.dll


    C:\Users\Ron\PCPE Setup.exe


    C:\Users\Ron\pt_res.dll


    C:\Users\Ron\ResourceReader.dll


    C:\Users\Ron\ripsetup.exe


    C:\Users\Ron\ru_res.dll


    C:\Users\Ron\zh_res.dll






    Some files in TEMP:


    ====================


    2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll


    2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe


    2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe


    2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe


    2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe




    ==================== Bamital & volsnap ======================




    (There is no automatic fix for files that do not pass verification.)




    C:\Windows\system32\winlogon.exe => File is digitally signed


    C:\Windows\system32\wininit.exe => File is digitally signed


    C:\Windows\SysWOW64\wininit.exe => File is digitally signed


    C:\Windows\explorer.exe => File is digitally signed


    C:\Windows\SysWOW64\explorer.exe => File is digitally signed


    C:\Windows\system32\svchost.exe => File is digitally signed


    C:\Windows\SysWOW64\svchost.exe => File is digitally signed


    C:\Windows\system32\services.exe => File is digitally signed


    C:\Windows\system32\User32.dll => File is digitally signed


    C:\Windows\SysWOW64\User32.dll => File is digitally signed


    C:\Windows\system32\userinit.exe => File is digitally signed


    C:\Windows\SysWOW64\userinit.exe => File is digitally signed


    C:\Windows\system32\rpcss.dll => File is digitally signed


    C:\Windows\system32\dnsapi.dll => File is digitally signed


    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed


    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




    LastRegBack: 2017-02-22 00:14




    ==================== End of FRST.txt ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017


    Ran by Ron (23-02-2017 06:53:41)


    Running from C:\Users\Ron\Desktop


    Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43)


    Boot Mode: Normal


    ==========================================================






    ==================== Accounts: =============================




    Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled)


    Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access


    Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled)


    HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled)


    LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser


    Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron


    Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test


    UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser




    ==================== Security Center ========================




    (If an entry is included in the fixlist, it will be removed.)




    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}




    ==================== Installed Programs ======================




    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)




    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )


    Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.5.0.2 - Lavasoft)


    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)


    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)


    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)


    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)


    Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)


    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden


    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)


    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)


    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)


    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)


    Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)


    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)


    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)


    AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com)


    Auto Updater 1.2.0.3 (HKLM-x32\...\AutoUpdater_is1) (Version: - )


    AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)


    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)


    BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)


    Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden


    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)


    BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother)


    Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother)


    Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)


    CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden


    CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)


    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)


    Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - )


    Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community)


    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)


    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden


    DAZzle (HKLM-x32\...\DAZzle) (Version: - )


    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)


    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)


    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden


    Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)


    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden


    DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)


    DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)


    DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage)


    Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden


    Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)


    Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software)


    Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)


    FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)


    Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)


    File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )


    FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)


    FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)


    FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden


    FOSS (x32 Version: 12.50.0000 - UPS) Hidden


    Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)


    Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)


    Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)


    Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)


    Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden


    Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden


    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)


    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems)


    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)


    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)


    Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )


    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)


    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)


    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden


    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden


    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden


    Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)


    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)


    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)


    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)


    HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard)


    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)


    HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)


    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)


    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)


    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)


    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)


    ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)


    iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)


    Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)


    IP Camera (HKLM-x32\...\IP Camera) (Version: - )


    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)


    Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)


    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden


    Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)


    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)


    LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden


    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )


    LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)


    Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC)


    LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)


    LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)


    Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC)


    LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)


    LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)


    MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh)


    Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter)


    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)


    Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)


    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)


    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)


    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)


    Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)


    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)


    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)


    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )


    Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)


    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)


    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)


    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)


    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)


    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)


    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)


    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)


    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)


    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)


    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)


    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)


    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)


    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)


    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)


    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)


    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)


    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)


    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)


    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden


    Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)


    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)


    mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com)


    MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden


    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)


    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)


    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)


    NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden


    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)


    NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline)


    NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden


    Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - )


    NRF (x32 Version: 12.00.0000 - UPS) Hidden


    NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems)


    NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems)


    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)


    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)


    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)


    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)


    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )


    ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)


    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)


    OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook)


    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)


    PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)


    PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)


    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)


    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)


    PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden


    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)


    Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden


    PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)


    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)


    PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden


    PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics)


    PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)


    PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)


    puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN)


    puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden


    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden


    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)


    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)


    Reconciler (x32 Version: 12.00.0000 - UPS) Hidden


    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)


    Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden


    Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)


    ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden


    RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems)


    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)


    SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)


    SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com)


    SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden


    SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics)


    Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)


    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)


    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)


    StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc)


    SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden


    System (x32 Version: 12.00.0000 - UPS) Hidden


    TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )


    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)


    the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com)


    Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio)


    Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu)


    UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba)


    UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION


    UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden


    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)


    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)


    UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - )


    UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS)


    UPSDB (x32 Version: 12.00.0000 - UPS) Hidden


    UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden


    UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden


    UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden


    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)


    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)


    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)


    VuePrint (HKLM-x32\...\VuePrint) (Version: - )


    WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden


    WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)


    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)


    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)


    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)


    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)


    WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)


    WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - )


    WorldShip (x32 Version: 12.00.0000 - UPS) Hidden


    ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies)


    ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.)




    ==================== Custom CLSID (Whitelisted): ==========================




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File


    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)




    ==================== Scheduled Tasks (Whitelisted) =============




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)


    Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop


    Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst


    Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)


    Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters).


    Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe [2012-09-18] ()


    Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)


    Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)


    Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems)


    Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)


    Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)


    Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)




    Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)


    Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)


    Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)


    Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.)


    Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall


    Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)


    Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)


    Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)


    Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe


    Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\


    Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()


    Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)


    Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe


    Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)


    Task: {F16515E8-06F1-4EA1-823C-BB85BCBA892E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ron) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe


    Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)




    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe


    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


    Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe


    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml


    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe




    ==================== Shortcuts =============================




    (The entries could be listed to be restored or removed.)




    Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm


    Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co




    ==================== Loaded Modules (Whitelisted) ==============




    2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll


    2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll


    2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll


    2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


    2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll


    2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll


    2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe


    2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe


    2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe


    2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe


    2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe


    2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll


    2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll


    2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll


    2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll


    2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll


    2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll


    2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll


    2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll


    2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL


    2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll


    2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll


    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll


    2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll


    2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll


    2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll


    2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll


    2017-02-07 17:14 - 2017-02-06 21:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll


    2015-12-11 17:57 - 2017-01-13 16:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd


    2015-12-11 17:57 - 2017-01-13 16:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd


    2015-12-11 17:57 - 2017-01-13 16:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd


    2015-12-11 17:57 - 2017-02-06 21:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd


    2015-12-11 17:57 - 2017-01-13 16:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd


    2015-12-11 17:57 - 2017-01-13 16:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd


    2017-02-07 17:14 - 2017-01-13 16:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd


    2017-02-07 17:14 - 2017-01-13 16:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd


    2017-02-07 17:14 - 2017-01-13 16:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll


    2015-12-11 17:57 - 2017-01-13 16:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd


    2016-08-05 09:54 - 2017-02-06 21:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd


    2017-02-07 17:14 - 2017-01-13 16:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll


    2017-02-07 17:14 - 2017-01-13 16:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd


    2015-12-11 17:57 - 2017-01-13 16:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd


    2015-12-11 17:57 - 2017-02-06 21:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd


    2015-12-11 17:57 - 2017-01-13 16:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd


    2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd


    2015-12-11 17:57 - 2017-01-13 16:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd


    2015-12-11 17:57 - 2017-01-13 16:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd


    2015-12-11 17:57 - 2017-01-13 16:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd


    2016-08-05 09:54 - 2017-01-13 16:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd


    2015-12-11 17:57 - 2017-01-13 16:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd


    2015-12-11 17:57 - 2017-02-06 21:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd


    2017-01-23 14:00 - 2017-02-06 21:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd


    2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd


    2017-01-23 14:00 - 2017-02-06 21:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd


    2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd


    2016-02-12 03:03 - 2017-02-06 21:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd


    2017-02-07 17:14 - 2017-01-13 16:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll


    2017-02-07 17:14 - 2017-02-06 21:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL


    2017-02-07 17:14 - 2017-01-13 17:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll


    2017-02-07 17:14 - 2017-01-13 17:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll


    2017-02-07 17:14 - 2017-02-06 21:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd


    2015-12-11 17:57 - 2017-01-13 16:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd


    2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd


    2017-02-07 17:14 - 2017-02-06 21:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd


    2015-11-11 15:11 - 2017-01-13 17:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll


    2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll


    2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll


    2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


    2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll


    2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll




    ==================== Alternate Data Streams (Whitelisted) =========




    (If an entry is included in the fixlist, only the ADS will be removed.)






    ==================== Safe Mode (Whitelisted) ===================




    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"




    ==================== Association (Whitelisted) ===============




    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION




    ==================== Internet Explorer trusted/restricted ===============




    (If an entry is included in the fixlist, it will be removed from the registry.)




    IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com




    ==================== Hosts content: ==========================




    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)




    2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts




    127.0.0.1 localhost


    255.255.255.255 broadcasthost




    ==================== Other Areas ============================




    (Currently there is no automatic fix for this section.)




    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper ->


    DNS Servers: 75.75.75.75 - 75.75.76.76


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)


    Windows Firewall is enabled.




    ==================== MSCONFIG/TASK MANAGER disabled items ==




    MSCONFIG\Services: AdobeARMservice => 2


    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3


    MSCONFIG\Services: AgereModemAudio => 2


    MSCONFIG\Services: APC Data Service => 2


    MSCONFIG\Services: APC UPS Service => 2


    MSCONFIG\Services: Apple Mobile Device Service => 2


    MSCONFIG\Services: Bonjour Service => 2


    MSCONFIG\Services: BRA_Scheduler => 2


    MSCONFIG\Services: dbupdate => 2


    MSCONFIG\Services: dbupdatem => 3


    MSCONFIG\Services: DbxSvc => 2


    MSCONFIG\Services: GameConsoleService => 3


    MSCONFIG\Services: Garmin Device Interaction Service => 2


    MSCONFIG\Services: gupdate => 2


    MSCONFIG\Services: gupdatem => 3


    MSCONFIG\Services: gusvc => 3


    MSCONFIG\Services: hpqwmiex => 3


    MSCONFIG\Services: IDriverT => 3


    MSCONFIG\Services: iPod Service => 3


    MSCONFIG\Services: LavasoftAdAwareService11 => 2


    MSCONFIG\Services: LightScribeService => 2


    MSCONFIG\Services: LMIGuardianSvc => 2


    MSCONFIG\Services: MozillaMaintenance => 3


    MSCONFIG\Services: nvsvc => 2


    MSCONFIG\Services: nvUpdatusService => 2


    MSCONFIG\Services: SkypeUpdate => 2


    MSCONFIG\Services: TeamViewer => 2


    MSCONFIG\Services: WSWUSB6300 => 2




    ==================== FirewallRules (Whitelisted) ===============




    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE


    FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


    FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe


    FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe


    FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe


    FirewallRules: [uDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe


    FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe


    FirewallRules: [uDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe


    FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe


    FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe


    FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434


    FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe


    FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe


    FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925


    FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869


    FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900


    FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe


    FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe


    FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe


    FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe


    FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe


    FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe


    FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe


    FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe


    FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe


    FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe


    FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe


    FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe


    FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe


    FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe


    FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726


    FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727


    FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe


    FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe


    FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe


    FirewallRules: [uDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe


    FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe


    FirewallRules: [uDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe


    FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe


    FirewallRules: [uDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe


    FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe


    FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe


    FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


    FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


    FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe


    FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe


    FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


    FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


    FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe


    FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe


    FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe


    FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


    FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


    FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe


    FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe


    FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe


    FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe


    FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe


    FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe


    FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe


    FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe


    FirewallRules: [uDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe


    FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe


    FirewallRules: [uDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe


    FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe


    FirewallRules: [uDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe


    FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe


    FirewallRules: [uDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe


    FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe


    FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    FirewallRules: [{B94F20FB-6F7B-4827-BED3-B668CEBC1E9E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe


    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration


    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper


    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor


    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector


    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper


    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration


    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor


    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector




    ==================== Restore Points =========================




    14-02-2017 11:54:42 AA11


    22-02-2017 00:21:26 Scheduled Checkpoint


    22-02-2017 13:37:41 Windows Update




    ==================== Faulty Device Manager Devices =============




    Name: SBRE


    Description: SBRE


    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}


    Manufacturer:


    Service: SBRE


    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)


    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.


    Devices stay in this state if they have been prepared for removal.


    After you remove the device, this error disappears.Remove the device, and this error should be resolved.




    Name: BitDefender Firewall NDIS 6 Filter Driver


    Description: BitDefender Firewall NDIS 6 Filter Driver


    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}


    Manufacturer:


    Service: BdfNdisf


    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)


    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.


    Devices stay in this state if they have been prepared for removal.


    After you remove the device, this error disappears.Remove the device, and this error should be resolved.




    Name: bdftdif


    Description: bdftdif


    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}


    Manufacturer:


    Service: bdftdif


    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)


    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.


    Devices stay in this state if they have been prepared for removal.


    After you remove the device, this error disappears.Remove the device, and this error should be resolved.






    ==================== Event log errors: =========================




    Application errors:


    ==================


    Error: (02/22/2017 11:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: e5c




    Start Time: 01d28d29392a80a0




    Termination Time: 0




    Application Path: C:\Program Files\Internet Explorer\iexplore.exe




    Report Id:




    Error: (02/22/2017 09:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )


    Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03


    Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920


    Exception code: 0xc0000005


    Fault offset: 0x0010025c


    Faulting process id: 0x7b4


    Faulting application start time: 0x01d28d28c2cef8f0


    Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe


    Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll


    Report Id: 612cfe70-f91c-11e6-8e85-90e6ba591fe0




    Error: (02/22/2017 09:26:51 AM) (Source: DbxSvc) (EventID: 320) (User: )


    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.




    Error: (02/22/2017 09:18:33 AM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 3334




    Start Time: 01d28d2331c01790




    Termination Time: 0




    Application Path: C:\Program Files\Internet Explorer\iexplore.exe




    Report Id:




    Error: (02/20/2017 01:00:01 AM) (Source: Windows Backup) (EventID: 4103) (User: )


    Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).




    Error: (02/18/2017 10:16:51 PM) (Source: Application Hang) (EventID: 1002) (User: )


    Description: The program SiteSpinnerProV2.exe version 2.9.2.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.




    Process ID: 1fa0




    Start Time: 01d28a549d3c0118




    Termination Time: 63




    Application Path: C:\Program Files (x86)\Virtual Mechanics\SiteSpinner Pro V2\bin\SiteSpinnerProV2.exe




    Report Id: 8e605e59-f662-11e6-8fe7-90e6ba591fe0




    Error: (02/17/2017 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )


    Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a


    Faulting module name: mspst32.dll_unloaded, version: 0.0.0.0, time stamp: 0x511ab2ea


    Exception code: 0xc0000005


    Fault offset: 0x6e986515


    Faulting process id: 0x2690


    Faulting application start time: 0x01d289abe8433810


    Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe


    Faulting module path: mspst32.dll


    Report Id: 50ff13b0-f59f-11e6-8fe7-90e6ba591fe0




    Error: (02/16/2017 02:11:49 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: )


    Description: Rejected Safe Mode action : Microsoft Office Outlook.




    Error: (02/15/2017 12:24:16 PM) (Source: DbxSvc) (EventID: 320) (User: )


    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.




    Error: (02/14/2017 12:05:16 PM) (Source: DbxSvc) (EventID: 320) (User: )


    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.






    System errors:


    =============


    Error: (02/22/2017 09:28:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)


    Description: The following fatal alert was received: 20.




    Error: (02/22/2017 05:25:32 PM) (Source: DCOM) (EventID: 10000) (User: )


    Description: Unable to start a DCOM Server: {5F246A9A-A919-11D3-AB60-00C04FA3014E}. The error:


    "740"


    Happened while starting this command:


    C:\Program Files (x86)\Photoshop6.0\Photoshp.exe -Embedding




    Error: (02/22/2017 09:46:53 AM) (Source: DCOM) (EventID: 10010) (User: )


    Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.




    Error: (02/22/2017 09:28:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)


    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}


    and APPID


    {344ED43D-D086-4961-86A6-1106F4ACAD9B}


    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.




    Error: (02/22/2017 09:27:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )


    Description: The following boot-start or system-start driver(s) failed to load:


    BdfNdisf


    bdftdif


    cdrom


    SBRE




    Error: (02/22/2017 08:50:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)


    Description: The following fatal alert was received: 40.




    Error: (02/21/2017 08:58:01 PM) (Source: DCOM) (EventID: 10010) (User: )


    Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.




    Error: (02/20/2017 10:12:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)


    Description: The following fatal alert was received: 20.




    Error: (02/20/2017 07:17:06 PM) (Source: DCOM) (EventID: 10010) (User: )


    Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.




    Error: (02/19/2017 05:17:06 PM) (Source: DCOM) (EventID: 10010) (User: )


    Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.






    CodeIntegrity:


    ===================================


    Date: 2015-08-03 17:53:44.366


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.354


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.337


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.321


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.240


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.233


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.227


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:44.221


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:43.443


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    Date: 2015-08-03 17:53:43.428


    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.






    ==================== Memory info ===========================




    Processor: AMD Athlon II X2 240 Processor


    Percentage of memory in use: 83%


    Total physical RAM: 3839.3 MB


    Available physical RAM: 648.63 MB


    Total Virtual: 12837.49 MB


    Available Virtual: 8020.92 MB




    ==================== Drives ================================




    Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:251.17 GB) NTFS


    Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]




    ==================== MBR & Partition Table ==================




    ========================================================


    Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)


    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)


    Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)


    Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)




    ==================== End of Addition.txt ============================


  • Support

    There are several bad search engines and add-ons in the browsers.

    Please save AdwCleaner to the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed; copy its content and paste it into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.



    There are also leftovers from Ad-Aware version 10, and those can disturb (un)installation of newer versions of Ad-Aware. But we'll take care of them when the adware is gone.

    I can't see any service or driver of Ad-Aware 11.

  • Customer

    # AdwCleaner v6.043 - Logfile created 23/02/2017 at 23:42:29


    # Updated on 27/01/2017 by Malwarebytes


    # Database : 2017-02-23.4 [server]


    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)


    # Username : Ron - SEMICHI


    # Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe


    # Mode: Scan










    ***** [ Services ] *****




    Service Found: swdumon






    ***** [ Folders ] *****




    Folder Found: C:\Users\Ron\AppData\Local\Babylon


    Folder Found: C:\Users\Ron\AppData\Local\Conduit


    Folder Found: C:\Users\Ron\AppData\Local\PackageAware


    Folder Found: C:\Users\Ron\AppData\Local\slimware utilities inc


    Folder Found: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc


    Folder Found: C:\Users\Ron\AppData\LocalLow\adawaretb


    Folder Found: C:\Users\Ron\AppData\LocalLow\Conduit


    Folder Found: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar


    Folder Found: C:\Users\Ron\AppData\LocalLow\PriceGong


    Folder Found: C:\Users\Ron\AppData\Roaming\AdvertismentImages


    Folder Found: C:\Users\Ron\AppData\Roaming\Babylon


    Folder Found: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater


    Folder Found: C:\Users\Employee Access\AppData\LocalLow\adawaretb


    Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb


    Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar


    Folder Found: C:\ProgramData\Auto Updater


    Folder Found: C:\ProgramData\blekko toolbars


    Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar


    Folder Found: C:\Users\Public\Documents\Downloaded Installers


    Folder Found: C:\Program Files (x86)\adawaretb


    Folder Found: C:\Program Files (x86)\Auto Updater


    Folder Found: C:\Program Files (x86)\Conduit


    Folder Found: C:\Program Files (x86)\Inbox Toolbar


    Folder Found: C:\Program Files (x86)\Toolbar Cleaner


    Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}


    Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack


    Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla


    Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole


    Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol






    ***** [ Files ] *****




    File Found: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml


    File Found: C:\Windows\SysNative\drivers\swdumon.sys


    File Found: C:\user.js






    ***** [ DLL ] *****




    No malicious DLLs found.






    ***** [ WMI ] *****




    No malicious keys found.






    ***** [ Shortcuts ] *****




    Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk ( /showurl hxxp://www2.inbox.com/faq.aspx )


    Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=80105&iwk=318&lng=en )


    Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ( /showurl hxxp://www2.inbox.com/settings/settings.aspx?lng=en )






    ***** [ Scheduled Tasks ] *****




    Task Found: SlimCleaner Plus (Scheduled Scan - Ron)


    Task Found: SlimCleaner Plus (Scheduled Scan - Ron)






    ***** [ Registry ] *****




    Key Found: HKLM\SOFTWARE\Classes\Toolbar.CT3209604


    Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr


    Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1


    Key Found: HKLM\SOFTWARE\Classes\Inbox.AppServer


    Key Found: HKLM\SOFTWARE\Classes\Inbox.IBX404


    Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer


    Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer2


    Key Found: HKLM\SOFTWARE\Classes\Inbox.Toolbar


    Key Found: HKLM\SOFTWARE\Classes\Prod.cap


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib


    Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1


    Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr


    Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1


    Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer


    Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404


    Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer


    Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2


    Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar


    Key Found: [x64] HKLM\SOFTWARE\Classes\Prod.cap


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib


    Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1


    Key Found: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}


    Key Found: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}


    Key Found: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}


    Key Found: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}


    Key Found: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}


    Key Found: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}


    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}


    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}


    Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}


    Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]


    Key Found: HKU\.DEFAULT\Software\IGearSettings


    Key Found: HKU\.DEFAULT\Software\Auslogics


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong


    Key Found: HKU\S-1-5-18\Software\IGearSettings


    Key Found: HKU\S-1-5-18\Software\Auslogics


    Key Found: HKCU\Software\Inbox Toolbar


    Key Found: HKCU\Software\InstallCore


    Key Found: HKCU\Software\SlimWare Utilities Inc


    Key Found: HKCU\Software\Zugo


    Key Found: HKCU\Software\AppDataLow\Software\adawarebp


    Key Found: HKCU\Software\AppDataLow\Software\adawaretb


    Key Found: HKCU\Software\AppDataLow\Software\ConduitSearchScopes


    Key Found: HKCU\Software\AppDataLow\Software\PriceGong


    Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.


    Key Found: HKLM\SOFTWARE\adawaretb


    Key Found: HKLM\SOFTWARE\Babylon


    Key Found: HKLM\SOFTWARE\Conduit


    Key Found: HKLM\SOFTWARE\Freeze.com


    Key Found: HKLM\SOFTWARE\Inbox Toolbar


    Key Found: HKLM\SOFTWARE\InstallIQ


    Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc


    Key Found: HKLM\SOFTWARE\Toolbar Cleaner


    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1


    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb


    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1


    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner


    Key Found: [x64] HKCU\Software\Inbox Toolbar


    Key Found: [x64] HKCU\Software\InstallCore


    Key Found: [x64] HKCU\Software\SlimWare Utilities Inc


    Key Found: [x64] HKCU\Software\Zugo


    Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp


    Key Found: [x64] HKCU\Software\AppDataLow\Software\adawaretb


    Key Found: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes


    Key Found: [x64] HKCU\Software\AppDataLow\Software\PriceGong


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}


    Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}


    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}


    Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}


    Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}


    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}


    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}


    Key Found: HKLM\SOFTWARE\Classes\AppID\escort.DLL


    Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox


    Key Found: HKLM\SOFTWARE\Classes\protocols\handler\inbox


    Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla


    Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole






    ***** [ Web browsers ] *****




    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.babylon.HPOnNewTab" - "search.babylon.com"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.order.1" - "Search the web (Babylon)"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.selectedEngine" - "blekko"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.admin" - false


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.aflt" - "babsst"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babExt" - ""


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babTrack" - "affID=109930"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.bbDpng" - 30


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.dfltSrch" - false


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.hmpg" - false


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlDay" - "15420"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlRef" - "sst"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastDP" - 30


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTab" - true


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.noFFXTlbr" - false


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prdct" - "BabylonToolbar"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.propectorlck" - 92904910


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkDS" - 1


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkHmpg" - 1


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtnrId" - "babylon"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.ptch_0717" - true


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.smplGrp" - "tzb"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.srcExt" - "ss"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.tlbrId" - "tb9"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsn" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsni" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.aflt" - "babsst"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babExt" - ""


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlDay" - "15420"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlRef" - "sst"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTab" - true


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb00000000


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.smplGrp" - "none"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.srcExt" - "ss"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babExt" - ""


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.srcExt" - "ss"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlDay" - "15420"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.aflt" - "babsst"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.smplGrp" - "none"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9"


    Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlRef" - "sst"


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com_


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bopakagnckmlgajfccecajhnimjiiedh


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jmfkcklnlgedgbglfkkgedjfmejoahla


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - madakpajlmcpaodhfbekojajlhbdklol


    Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oejkcgajlodefenbbjdnaiahmbnnoole




    *************************




    C:\AdwCleaner\AdwCleaner[s0].txt - [23697 Bytes] - [23/02/2017 23:42:29]




    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23771 Bytes] ##########

    0
  • Support

    A lot to delete there.

    If you still use Inbox and Slimware utilities, you probably need to reinstall them afterwards.

     

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Clean button.

    Click on OK.
    Click on OK on any message that pops up.
    The computer will be restarted.

    A report will be displayed; copy its content and paste it into your reply.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[C0].txt.

     

    2. Please, start FRST

    Select Addition.txt and then let the program scan the computer.

    Attach the two new log files; to do that, you need to click on the More Reply Options button first.

     

     

    3. Run an online scan with Eset (easiest with Internet Explorer) by following the instructions at http://support.eset.com/kb2921/ .

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats (important due to false positives).

    Select:
    Scan Archives
    Enable detection of potentially unsafe applications
    Enable detection of suspicious applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
  • Customer

    Sorry, it took a few days to locate a USB drive and make a full backup before performing this operation.

     

    # AdwCleaner v6.043 - Logfile created 27/02/2017 at 21:19:16

    # Updated on 27/01/2017 by Malwarebytes

    # Database : 2017-02-28.1 [server]

    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)

    # Username : Ron - SEMICHI

    # Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe

    # Mode: Clean





    ***** [ Services ] *****


    [-] Service deleted: swdumon



    ***** [ Folders ] *****


    [-] Folder deleted: C:\Users\Ron\AppData\Local\Babylon

    [-] Folder deleted: C:\Users\Ron\AppData\Local\Conduit

    [-] Folder deleted: C:\Users\Ron\AppData\Local\PackageAware

    [-] Folder deleted: C:\Users\Ron\AppData\Local\slimware utilities inc

    [#] Folder deleted on reboot: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc

    [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\adawaretb

    [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Conduit

    [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar

    [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\PriceGong

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\AdvertismentImages

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Babylon

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater

    [-] Folder deleted: C:\Users\Employee Access\AppData\LocalLow\adawaretb

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar

    [-] Folder deleted: C:\ProgramData\Auto Updater

    [-] Folder deleted: C:\ProgramData\blekko toolbars

    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

    [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers

    [-] Folder deleted: C:\Program Files (x86)\adawaretb

    [-] Folder deleted: C:\Program Files (x86)\Auto Updater

    [-] Folder deleted: C:\Program Files (x86)\Conduit

    [-] Folder deleted: C:\Program Files (x86)\Inbox Toolbar

    [-] Folder deleted: C:\Program Files (x86)\Toolbar Cleaner

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

    [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

    [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

    [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole

    [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol



    ***** [ Files ] *****


    [-] File deleted: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml

    [-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys

    [-] File deleted: C:\user.js



    ***** [ DLL ] *****




    ***** [ WMI ] *****




    ***** [ Shortcuts ] *****


    [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk

    [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk

    [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk



    ***** [ Scheduled Tasks ] *****


    [-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron)

    [-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron)



    ***** [ Registry ] *****


    [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3209604

    [-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    [-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.AppServer

    [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.IBX404

    [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer

    [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer2

    [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.Toolbar

    [-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

    [-] Key deleted: HKU\.DEFAULT\Software\IGearSettings

    [-] Key deleted: HKU\.DEFAULT\Software\Auslogics

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1007\Software\AppDataLow\Software\adawarebp

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawarebp

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawaretb

    [#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings

    [#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics

    [#] Key deleted on reboot: HKCU\Software\Inbox Toolbar

    [#] Key deleted on reboot: HKCU\Software\InstallCore

    [#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc

    [#] Key deleted on reboot: HKCU\Software\Zugo

    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp

    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawaretb

    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong

    [-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

    [-] Key deleted: HKLM\SOFTWARE\adawaretb

    [-] Key deleted: HKLM\SOFTWARE\Babylon

    [-] Key deleted: HKLM\SOFTWARE\Conduit

    [-] Key deleted: HKLM\SOFTWARE\Freeze.com

    [-] Key deleted: HKLM\SOFTWARE\Inbox Toolbar

    [-] Key deleted: HKLM\SOFTWARE\InstallIQ

    [-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc

    [-] Key deleted: HKLM\SOFTWARE\Toolbar Cleaner

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

    [#] Key deleted on reboot: [x64] HKCU\Software\Inbox Toolbar

    [#] Key deleted on reboot: [x64] HKCU\Software\InstallCore

    [#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc

    [#] Key deleted on reboot: [x64] HKCU\Software\Zugo

    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp

    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawaretb

    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

    [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL

    [-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox

    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\inbox

    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole



    ***** [ Web browsers ] *****


    [-] Chrome preferences cleaned: "browser.babylon.HPOnNewTab" - "search.babylon.com"

    [-] Chrome preferences cleaned: "browser.search.order.1" - "Search the web (Babylon)"

    [-] Chrome preferences cleaned: "browser.search.selectedEngine" - "blekko"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.admin" - false

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.aflt" - "babsst"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.babExt" - ""

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.babTrack" - "affID=109930"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.bbDpng" - 30

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.dfltSrch" - false

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.hmpg" - false

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlDay" - "15420"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlRef" - "sst"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastDP" - 30

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTab" - true

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.noFFXTlbr" - false

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prdct" - "BabylonToolbar"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.propectorlck" - 92904910

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkDS" - 1

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkHmpg" - 1

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtnrId" - "babylon"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.ptch_0717" - true

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.smplGrp" - "tzb"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.srcExt" - "ss"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.tlbrId" - "tb9"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsn" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsni" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - ""

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTab" - true

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - ""

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9"

    [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst"

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com_

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jmfkcklnlgedgbglfkkgedjfmejoahla

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: madakpajlmcpaodhfbekojajlhbdklol

    [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oejkcgajlodefenbbjdnaiahmbnnoole



    *************************


    :: "Tracing" keys deleted

    :: Winsock settings cleared


    *************************


    C:\AdwCleaner\AdwCleaner[C0].txt - [20679 Bytes] - [27/02/2017 21:19:16]

    C:\AdwCleaner\AdwCleaner[s0].txt - [23967 Bytes] - [23/02/2017 23:42:29]

    C:\AdwCleaner\AdwCleaner[s1].txt - [24503 Bytes] - [27/02/2017 21:14:10]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20901 Bytes] ##########

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01

    Ran by Ron (administrator) on SEMICHI (27-02-2017 21:34:36)

    Running from C:\Users\Ron\Desktop

    Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)

    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal



    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE

    (Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

    (Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe

    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

    (File Type Advisor) C:\Program Files (x86)\File Type Advisor\fileadvisor.exe

    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

    () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

    (Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

    (Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe

    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    () C:\UPS\WSTD\UPSNA1Msgr.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe

    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

    (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe

    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe

    () C:\UPS\WSTD\WSTDMessaging.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

    (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe

    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe

    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe

    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup

    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.)

    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

    HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()

    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)

    HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)

    HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)

    HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)

    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems)

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe

    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)

    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22]

    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19]

    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30]

    ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09]

    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]

    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11]

    ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe ()

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11]

    ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)

    Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14]

    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12]

    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)

    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29]

    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12]

    ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1


    Internet Explorer:

    ==================

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =

    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =

    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)

    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)

    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)

    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)

    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)

    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)

    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab

    DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab

    DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

    DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

    DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab

    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074

    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)


    FireFox:

    ========

    FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-27]

    FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed]

    FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed]

    FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-27]

    FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2017-02-27]

    FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php

    FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

    FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0

    FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\firefoxdav@icloud.com [2014-02-26] [not signed]

    FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\helper-sig@savefrom.net.xpi [2016-04-26]

    FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2014-05-16] [not signed]

    FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\smile1Button@amazon.com.xpi [2014-06-20] [not signed]

    FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\support@lastpass.com [2014-08-20] [not signed]

    FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

    FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

    FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19]

    FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26}

    FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed]

    FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()

    FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

    FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

    FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)

    FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

    FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)


    Chrome:

    =======

    CHR DefaultProfile: Default

    CHR HomePage: Default -> hxxp://www.google.com/

    CHR StartupUrls: Default -> "hxxp://www.google.com/"

    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File

    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File

    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File

    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File

    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File

    CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)

    CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File

    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File

    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File

    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]

    CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16]

    CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24]

    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-24]

    CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]

    CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

    CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16]

    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]

    CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19]

    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)

    S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

    S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed]

    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)

    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)

    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)

    S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()

    S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]

    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)

    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]

    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)

    S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)

    S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)

    R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

    S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()

    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed]


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)

    S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)

    R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)

    S4 LMIRfsClientNP; no ImagePath

    R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)

    S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)

    S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))

    S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation )

    R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] ()

    S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]

    S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]

    S3 dbx; system32\DRIVERS\dbx.sys [X]

    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion

    2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

    2017-02-25 22:50 - 2017-02-25 22:50 - 00000000 ____D C:\Users\Public\Obituary

    2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Launch-n-Go

    2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Instructiion Manuals

    2017-02-25 22:32 - 2017-02-25 22:32 - 00000000 ____D C:\Users\Ron\Family Documents

    2017-02-25 22:26 - 2017-02-25 22:27 - 00000000 ____D C:\Users\Ron\Desktop\signature images

    2017-02-25 22:25 - 2017-02-25 22:25 - 00000000 ____D C:\Users\Ron\Farm

    2017-02-25 22:22 - 2017-02-25 22:22 - 00001630 _____ C:\Users\Ron\Software licenses for GreatSitkin.txt

    2017-02-25 19:29 - 2017-02-25 19:30 - 00000118 _____ C:\Users\Ron\Desktop\2017 BGAS POLL.txt

    2017-02-25 17:20 - 2017-02-25 17:20 - 06971584 _____ (Tim Kosse) C:\Users\Ron\Downloads\FileZilla_3.24.1_win64-setup.exe

    2017-02-24 15:48 - 2017-02-24 15:48 - 00000000 ____D C:\Users\Test\AppData\Local\ElevatedDiagnostics

    2017-02-24 15:32 - 2017-02-24 15:32 - 00000000 ____D C:\Users\Employee Access\AppData\Roaming\Sun

    2017-02-24 15:28 - 2017-02-24 15:29 - 00000000 ____D C:\Users\Employee Access\AppData\Local\Dropbox

    2017-02-24 15:14 - 2017-02-24 15:14 - 00101580 _____ C:\Windows\ntbtlog.txt

    2017-02-24 00:08 - 2017-02-24 00:10 - 00000000 ____D C:\brodnt

    2017-02-23 23:40 - 2017-02-27 21:19 - 00000000 ____D C:\AdwCleaner

    2017-02-23 23:36 - 2017-02-23 23:36 - 04015056 _____ C:\Users\Ron\Desktop\adwcleaner_6.043.exe

    2017-02-23 06:53 - 2017-02-23 06:55 - 00081564 _____ C:\Users\Ron\Desktop\Addition.txt

    2017-02-23 06:50 - 2017-02-27 21:37 - 00041570 _____ C:\Users\Ron\Desktop\FRST.txt

    2017-02-23 06:50 - 2017-02-27 21:34 - 00000000 ____D C:\FRST

    2017-02-23 06:49 - 2017-02-27 21:33 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe

    2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft

    2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys

    2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

    2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf

    2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies

    2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater

    2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware

    2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx

    2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt

    2017-02-09 01:33 - 2017-02-09 01:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

    2017-02-09 01:33 - 2017-02-09 01:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys

    2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs

    2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk

    2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk

    2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

    2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services

    2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm

    2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes

    2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod

    2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-02-27 21:34 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod

    2017-02-27 21:33 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox

    2017-02-27 21:32 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox

    2017-02-27 21:30 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

    2017-02-27 21:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing

    2017-02-27 21:27 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive

    2017-02-27 21:27 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps

    2017-02-27 21:23 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection

    2017-02-27 21:22 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

    2017-02-27 21:22 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl

    2017-02-27 21:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2017-02-27 21:21 - 2012-05-08 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2017-02-27 21:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

    2017-02-27 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor

    2017-02-27 14:17 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla

    2017-02-27 14:17 - 2016-08-23 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2017-02-27 13:43 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS

    2017-02-27 13:05 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects

    2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2017-02-26 23:59 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla

    2017-02-26 19:00 - 2009-07-13 22:13 - 00857162 _____ C:\Windows\system32\PerfStringBackup.INI

    2017-02-26 19:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf

    2017-02-25 23:24 - 2015-08-07 11:26 - 00000000 ____D C:\MANUALS

    2017-02-25 22:35 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ron\MEDICAL-HEALTH

    2017-02-25 22:33 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron

    2017-02-25 22:26 - 2013-03-15 13:39 - 01013248 ___SH C:\Users\Ron\Desktop\Thumbs.db

    2017-02-25 22:26 - 2010-03-11 11:01 - 00000000 ____D C:\UPS

    2017-02-24 15:50 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI

    2017-02-24 15:28 - 2013-11-14 17:44 - 00095744 _____ C:\Users\Employee Access\AppData\Local\GDIPFONTCACHEV1.DAT

    2017-02-24 03:09 - 2013-07-21 02:01 - 00000000 ____D C:\Windows\system32\MRT

    2017-02-24 03:02 - 2010-02-22 07:35 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2017-02-23 23:01 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity

    2017-02-23 12:29 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops

    2017-02-23 08:13 - 2010-03-12 12:48 - 00000000 ____D C:\Users\Ron\AppData\Local\ElevatedDiagnostics

    2017-02-23 08:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

    2017-02-23 07:13 - 2010-03-12 12:09 - 00000000 ____D C:\Program Files (x86)\Passkeeper

    2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro

    2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini

    2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI

    2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm

    2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon

    2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

    2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS

    2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla

    2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS

    2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale

    2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk

    2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk

    2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db

    2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon

    2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job

    2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES

    2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017

    2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9

    2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9

    2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

    2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio

    2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software

    2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite

    2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software

    2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software

    2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google

    2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk

    2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

    2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death

    2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images

    2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple

    2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job


    ==================== Files in the root of some directories =======


    2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

    2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

    2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs

    2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

    2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm

    2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND

    2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel

    2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg

    2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag


    Files to move or delete:

    ====================

    C:\Users\Public\pass.dat

    C:\Users\Ron\en_res.dll

    C:\Users\Ron\es_res.dll

    C:\Users\Ron\fr_res.dll

    C:\Users\Ron\grm_res.dll

    C:\Users\Ron\it_res.dll

    C:\Users\Ron\jp_res.dll

    C:\Users\Ron\lyrics-finder.exe

    C:\Users\Ron\mfc80u.dll

    C:\Users\Ron\msvcr80.dll

    C:\Users\Ron\PCPE Setup.exe

    C:\Users\Ron\pt_res.dll

    C:\Users\Ron\ResourceReader.dll

    C:\Users\Ron\ripsetup.exe

    C:\Users\Ron\ru_res.dll

    C:\Users\Ron\zh_res.dll



    Some files in TEMP:

    ====================

    2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll

    2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe

    2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe

    2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe

    2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed

    C:\Windows\system32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\system32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\system32\services.exe => File is digitally signed

    C:\Windows\system32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\system32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\system32\rpcss.dll => File is digitally signed

    C:\Windows\system32\dnsapi.dll => File is digitally signed

    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-02-22 00:14\


    ==================== End of FRST.txt ============================








    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01

    Ran by Ron (27-02-2017 21:38:43)

    Running from C:\Users\Ron\Desktop

    Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43)

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================


    Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled)

    Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access

    Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled)

    HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled)

    LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron

    Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test

    UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)

    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

    Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)

    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)

    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

    Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)

    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)

    AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com)

    AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)

    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)

    BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)

    Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden

    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

    BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother)

    Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother)

    Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

    CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)

    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - )

    Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community)

    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    DAZzle (HKLM-x32\...\DAZzle) (Version: - )

    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)

    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

    Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)

    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden

    DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)

    DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)

    DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage)

    Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

    Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)

    Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software)

    Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)

    FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)

    Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

    File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )

    FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)

    FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)

    FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden

    FOSS (x32 Version: 12.50.0000 - UPS) Hidden

    Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)

    Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)

    Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)

    Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)

    Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

    Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)

    GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

    Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)

    Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )

    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

    Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)

    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)

    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

    HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard)

    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

    HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)

    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)

    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)

    ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)

    iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)

    IP Camera (HKLM-x32\...\IP Camera) (Version: - )

    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)

    Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

    Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)

    LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden

    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

    LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

    Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC)

    LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)

    LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)

    Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC)

    LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)

    LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)

    MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh)

    Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter)

    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

    Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)

    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )

    Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)

    mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com)

    MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)

    NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden

    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)

    NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline)

    NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden

    Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - )

    NRF (x32 Version: 12.00.0000 - UPS) Hidden

    NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems)

    NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems)

    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)

    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)

    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)

    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )

    ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)

    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)

    OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook)

    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

    PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)

    PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)

    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)

    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

    PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden

    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)

    Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden

    PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)

    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)

    PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden

    PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics)

    PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)

    PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)

    puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN)

    puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden

    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)

    Reconciler (x32 Version: 12.00.0000 - UPS) Hidden

    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)

    Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

    Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)

    ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden

    RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems)

    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

    SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)

    SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com)

    SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden

    SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics)

    Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)

    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)

    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)

    StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc)

    SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden

    System (x32 Version: 12.00.0000 - UPS) Hidden

    TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )

    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

    the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com)

    Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio)

    Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu)

    UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba)

    UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION

    UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - )

    UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS)

    UPSDB (x32 Version: 12.00.0000 - UPS) Hidden

    UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden

    UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden

    UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden

    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

    VuePrint (HKLM-x32\...\VuePrint) (Version: - )

    WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden

    WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)

    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)

    WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - )

    WorldShip (x32 Version: 12.00.0000 - UPS) Hidden

    ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies)

    ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)

    Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop

    Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst

    Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters).

    Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe

    Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

    Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

    Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems)

    Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

    Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

    Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)


    Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)

    Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

    Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

    Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.)

    Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

    Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

    Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

    Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe

    Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\

    Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()

    Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)

    Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

    Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)

    Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co


    ==================== Loaded Modules (Whitelisted) ==============


    2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll

    2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll

    2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

    2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

    2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

    2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

    2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

    2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe

    2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe

    2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

    2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll

    2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll

    2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll

    2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll

    2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll

    2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL

    2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll

    2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

    2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll

    2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll

    2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll

    2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll

    2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

    2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

    2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

    2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

    2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

    2017-02-27 21:31 - 2017-02-21 11:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll

    2015-12-11 17:57 - 2017-01-25 14:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

    2015-12-11 17:57 - 2017-01-25 14:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

    2015-12-11 17:57 - 2017-01-25 14:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

    2015-12-11 17:57 - 2017-02-21 12:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

    2015-12-11 17:57 - 2017-01-25 14:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

    2015-12-11 17:57 - 2017-01-25 14:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

    2017-02-27 21:31 - 2017-01-25 14:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

    2017-02-27 21:31 - 2017-01-25 14:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd

    2017-02-27 21:31 - 2017-01-25 14:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

    2015-12-11 17:57 - 2017-01-25 14:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

    2016-08-05 09:54 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

    2017-02-27 21:31 - 2017-01-25 14:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

    2017-02-27 21:31 - 2017-01-25 14:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

    2015-12-11 17:57 - 2017-02-21 12:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

    2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

    2016-08-05 09:54 - 2017-01-25 14:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

    2015-12-11 17:57 - 2017-01-25 14:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

    2017-02-27 21:32 - 2017-02-21 12:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd

    2015-12-11 17:57 - 2017-02-21 12:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

    2017-01-23 14:00 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

    2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

    2017-01-23 14:00 - 2017-02-21 12:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

    2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

    2016-02-12 03:03 - 2017-02-21 12:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

    2017-02-27 21:31 - 2017-01-25 14:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

    2017-02-27 21:31 - 2017-02-21 12:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

    2017-02-27 21:31 - 2017-01-25 14:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll

    2017-02-27 21:31 - 2017-01-25 14:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

    2017-02-27 21:31 - 2017-02-21 12:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

    2015-12-11 17:57 - 2017-01-25 14:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd

    2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

    2017-02-27 21:31 - 2017-02-21 12:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)



    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION


    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com


    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts


    127.0.0.1 localhost

    255.255.255.255 broadcasthost


    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper ->

    DNS Servers: 75.75.75.75 - 75.75.76.76

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\Services: AdobeARMservice => 2

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

    MSCONFIG\Services: AgereModemAudio => 2

    MSCONFIG\Services: APC Data Service => 2

    MSCONFIG\Services: APC UPS Service => 2

    MSCONFIG\Services: Apple Mobile Device Service => 2

    MSCONFIG\Services: Bonjour Service => 2

    MSCONFIG\Services: BRA_Scheduler => 2

    MSCONFIG\Services: dbupdate => 2

    MSCONFIG\Services: dbupdatem => 3

    MSCONFIG\Services: DbxSvc => 2

    MSCONFIG\Services: GameConsoleService => 3

    MSCONFIG\Services: Garmin Device Interaction Service => 2

    MSCONFIG\Services: gupdate => 2

    MSCONFIG\Services: gupdatem => 3

    MSCONFIG\Services: gusvc => 3

    MSCONFIG\Services: hpqwmiex => 3

    MSCONFIG\Services: IDriverT => 3

    MSCONFIG\Services: iPod Service => 3

    MSCONFIG\Services: LavasoftAdAwareService11 => 2

    MSCONFIG\Services: LightScribeService => 2

    MSCONFIG\Services: LMIGuardianSvc => 2

    MSCONFIG\Services: MozillaMaintenance => 3

    MSCONFIG\Services: nvsvc => 2

    MSCONFIG\Services: nvUpdatusService => 2

    MSCONFIG\Services: SkypeUpdate => 2

    MSCONFIG\Services: TeamViewer => 2

    MSCONFIG\Services: WSWUSB6300 => 2


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE

    FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe

    FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

    FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe

    FirewallRules: [uDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe

    FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe

    FirewallRules: [uDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe

    FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

    FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

    FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434

    FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe

    FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe

    FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925

    FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869

    FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900

    FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe

    FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe

    FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

    FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

    FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

    FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

    FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726

    FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727

    FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe

    FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

    FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe

    FirewallRules: [uDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe

    FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    FirewallRules: [uDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe

    FirewallRules: [uDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe

    FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

    FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

    FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

    FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

    FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

    FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe

    FirewallRules: [uDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe

    FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    FirewallRules: [uDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

    FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe

    FirewallRules: [uDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe

    FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe

    FirewallRules: [uDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe

    FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    FirewallRules: [{D2415291-4194-454E-AE6B-DE3A025BF02E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration

    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper

    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor

    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector

    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper

    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration

    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor

    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector


    ==================== Restore Points =========================


    22-02-2017 00:21:26 Scheduled Checkpoint

    22-02-2017 13:37:41 Windows Update

    24-02-2017 03:00:15 Windows Update

    25-02-2017 23:54:48 Windows Backup

    26-02-2017 12:26:07 Windows Backup


    ==================== Faulty Device Manager Devices =============


    Name: SBRE

    Description: SBRE

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: SBRE

    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

    Devices stay in this state if they have been prepared for removal.

    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    Name: BitDefender Firewall NDIS 6 Filter Driver

    Description: BitDefender Firewall NDIS 6 Filter Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: BdfNdisf

    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

    Devices stay in this state if they have been prepared for removal.

    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    Name: bdftdif

    Description: bdftdif

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: bdftdif

    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

    Devices stay in this state if they have been prepared for removal.

    After you remove the device, this error disappears.Remove the device, and this error should be resolved.



    ==================== Event log errors: =========================


    Application errors:

    ==================

    Error: (02/27/2017 09:32:18 PM) (Source: DbxSvc) (EventID: 270) (User: )

    Description: (-2145452013) The system could not find the filter specified.


    Error: (02/27/2017 09:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03

    Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920

    Exception code: 0xc0000005

    Fault offset: 0x0010025c

    Faulting process id: 0xfd0

    Faulting application start time: 0x01d2917a5da4e150

    Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

    Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll

    Report Id: e34a2a90-fd6d-11e6-b9b8-90e6ba591fe0


    Error: (02/27/2017 09:22:22 PM) (Source: DbxSvc) (EventID: 320) (User: )

    Description: (-2147024894) The system cannot find the file specified.


    Error: (02/27/2017 01:00:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )

    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


    Error: (02/26/2017 04:39:31 AM) (Source: Windows Backup) (EventID: 4104) (User: )

    Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).


    Error: (02/24/2017 03:24:55 PM) (Source: DbxSvc) (EventID: 320) (User: )

    Description: (-2147024894) The system cannot find the file specified.


    Error: (02/24/2017 03:06:17 PM) (Source: DbxSvc) (EventID: 320) (User: )

    Description: (-2147024894) The system cannot find the file specified.


    Error: (02/23/2017 10:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db

    Faulting module name: MSHTML.dll, version: 11.0.9600.18538, time stamp: 0x58275c38

    Exception code: 0xc0000005

    Fault offset: 0x002094df

    Faulting process id: 0xcfc

    Faulting application start time: 0x01d28e6134fd11d0

    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Faulting module path: C:\Windows\system32\MSHTML.dll

    Report Id: d53cedb8-fa55-11e6-951c-90e6ba591fe0


    Error: (02/23/2017 08:13:16 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03

    Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920

    Exception code: 0xc0000005

    Fault offset: 0x0010025c

    Faulting process id: 0x7d0

    Faulting application start time: 0x01d28de6a315efa0

    Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

    Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll

    Report Id: 993d6840-f9da-11e6-951c-90e6ba591fe0


    Error: (02/23/2017 08:07:22 AM) (Source: DbxSvc) (EventID: 320) (User: )

    Description: (-2147024894) The system cannot find the file specified.



    System errors:

    =============

    Error: (02/27/2017 09:32:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

    Description: The Windows Update service hung on starting.


    Error: (02/27/2017 09:29:57 PM) (Source: DCOM) (EventID: 10010) (User: )

    Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.


    Error: (02/27/2017 09:23:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

    and APPID

    {344ED43D-D086-4961-86A6-1106F4ACAD9B}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    Error: (02/27/2017 09:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load:

    BdfNdisf

    bdftdif

    cdrom

    SBRE


    Error: (02/27/2017 09:16:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

    An instance of the service is already running.


    Error: (02/27/2017 09:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


    Error: (02/27/2017 09:16:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).


    Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    Error: (02/27/2017 09:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The SQL Server (UPSWSDBSERVER) service terminated unexpectedly. It has done this 1 time(s).



    CodeIntegrity:

    ===================================

    Date: 2015-08-03 17:53:44.366

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.354

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.337

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.321

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.240

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.233

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.227

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:44.221

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:43.443

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-03 17:53:43.428

    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.



    ==================== Memory info ===========================


    Processor: AMD Athlon II X2 240 Processor

    Percentage of memory in use: 73%

    Total physical RAM: 3839.3 MB

    Available physical RAM: 1019.51 MB

    Total Virtual: 12837.49 MB

    Available Virtual: 10276.55 MB


    ==================== Drives ================================


    Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:247.87 GB) NTFS

    Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================



    ESET:



    C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application

    C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

    C:\AdwCleaner\quarantine\files\ionsgdvrxwkendvgxswbvknbiwrpduxx\Inbox.dll a variant of Win32/Toolbar.Inbox.J potentially unwanted application

    C:\AdwCleaner\quarantine\files\ugfnrbjlopcyrfaxiehwkhwrbqfqnbzc\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

    C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application

    C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application

    C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application

    C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application

    C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

    C:\DYMO Label\Downloads\Primo PDF\FreewarePrimoPDF.exe Win32/OpenCandy potentially unsafe application

    C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application

    C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application

    C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

    C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application

    C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application

    C:\Program Files (x86)\NCH Swift Sound\SoundTap\soundtap.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

    C:\Program Files (x86)\NCH Swift Sound\SoundTap\stsetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

    C:\Program Files (x86)\NCH Swift Sound\SoundTap\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

    C:\Users\Ron\Desktop\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

    C:\Users\Ron\Downloads\cnet_tintii-2_5_2_exe.exe a variant of Win32/InstallCore.D potentially unwanted application

    C:\Users\Ron\Downloads\FlashPlayerPro.exe a variant of Win32/InstallCore.AFF.gen potentially unwanted application

    C:\Users\Ron\Downloads\MusicSetup(1).exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application

    C:\Users\Ron\Downloads\MusicSetup.exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application

    C:\Users\Ron\Downloads\pdflite_d3759449.exe a variant of Win32/InstallIQ.A potentially unwanted application

    C:\Users\Ron\Downloads\rcsetup149.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

    C:\Users\Ron\Downloads\setup-cnet.exe Win32/Toolbar.Zugo.A potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,Win32/Toolbar.Zugo.E potentially unwanted application,Win32/Toolbar.Zugo potentially unwanted application

    C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe a variant of Win32/Magicbit.D potentially unwanted application

    Autostart locations virus





    0
  • Support

    1. ESET's scanner found this adware on the computer:

    C:\DYMO Label\Downloads\Primo PDF
    C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    C:\Program Files (x86)\NCH Swift Sound\SoundTap

    You have to decide if you want to keep them anyway or if you want to uninstall them.


    2. These installation files are in the Downloads folder and they'll try to install adware during the installation or are unwanted in some other sense:

    C:\Users\Ron\Desktop\ccsetup525.exe
    C:\Users\Ron\Downloads\cnet_tintii-2_5_2_exe.exe
    C:\Users\Ron\Downloads\FlashPlayerPro.exe
    C:\Users\Ron\Downloads\MusicSetup(1).exe
    C:\Users\Ron\Downloads\MusicSetup.exe
    C:\Users\Ron\Downloads\pdflite_d3759449.exe
    C:\Users\Ron\Downloads\rcsetup149.exe
    C:\Users\Ron\Downloads\setup-cnet.exe
    C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe

    You have to decide if you want to keep them or not.


    3. Please start Notepad.
    Copy all the text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =
    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =
    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
    FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)
    S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
    S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    C:\ProgramData\Ad-Aware Browsing Protection
    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File
    Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
    Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\
    MSCONFIG\Services: LavasoftAdAwareService11 => 2
    FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
    FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
    C:\Program Files (x86)\Lavasoft\
    Reboot:

    and paste it into Notepad. Check that no files have been split across two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

     

     

    4. Do you see anything related to Ad-Aware now?

    0
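An added example (not part of the thread, and not ESET or FRST code): a Python parser for the ESET result lines in the customer's post, grouping each detection by file location the way Support's items 1 and 2 do. The bucket names and the location rules are assumptions made for this example; the sample lines are copied from the ESET output above.

```python
import re

# Sample lines copied from the ESET output quoted in the thread.
SAMPLE = r"""
C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\DYMO Label\Downloads\Primo PDF\FreewarePrimoPDF.exe Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Users\Ron\Downloads\MusicSetup(1).exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application
C:\Users\Ron\Desktop\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe a variant of Win32/Magicbit.D potentially unwanted application
Autostart locations virus
"""

# A result line is "<path> <detection>[,<detection>...]". Paths contain spaces,
# so the path is matched lazily up to the first token that looks like a
# detection name ("Platform/Family", optionally prefixed by "a variant of ").
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<dets>(?:a variant of )?\w+/\S.*)$"
)
DET_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+)\s+(?P<kind>.+)$")

# Location rules (assumptions for this example, mirroring Support's grouping).
QUARANTINE_RE = re.compile(r"^[a-z]:\\adwcleaner\\quarantine\\", re.I)
USER_DROP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(?:downloads|desktop)\\", re.I)


def parse_line(line):
    """Return (path, [(name, kind), ...]) or None if the line is not a result."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    detections = []
    for part in m.group("dets").split(","):
        d = DET_RE.match(part.strip())
        if d:
            detections.append((d.group("name"), d.group("kind")))
    return m.group("path"), detections


def bucket_for(path):
    """Classify a detection by where the file sits on disk."""
    if QUARANTINE_RE.match(path):
        return "quarantined"   # already moved aside by AdwCleaner
    if USER_DROP_RE.match(path):
        return "installer"     # setup file in a user's Downloads/Desktop
    return "installed"         # present in an installed program's folder


def triage(text):
    """Group ESET result lines into buckets; collect lines that do not parse."""
    buckets = {"quarantined": [], "installer": [], "installed": []}
    unparsed = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            unparsed.append(raw.strip())
            continue
        path, detections = parsed
        buckets[bucket_for(path)].append((path, [name for name, _ in detections]))
    return buckets, unparsed


if __name__ == "__main__":
    buckets, unparsed = triage(SAMPLE)
    for name, entries in buckets.items():
        print(f"[{name}]")
        for path, names in entries:
            print(f"  {path}  ->  {', '.join(names)}")
    if unparsed:
        print("[unparsed]")
        for line in unparsed:
            print(f"  {line}")
```

Lines that do not fit the path-plus-detection shape, such as the trailing "Autostart locations virus" fragment, are returned separately for manual review instead of being dropped.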
  • Customer

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01

    Ran by Ron (28-02-2017 13:55:56) Run:1

    Running from C:\Users\Ron\Desktop

    Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)

    Boot Mode: Normal

    ==============================================


    fixlist content:

    *****************

    CreateRestorePoint:

    CloseProcesses:

    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)

    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =

    SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File

    Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

    FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File

    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File

    CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File

    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File

    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File

    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File

    CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File

    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)

    S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]

    S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]

    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    C:\ProgramData\Ad-Aware Browsing Protection

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

    CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File

    Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

    Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe

    Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\

    MSCONFIG\Services: LavasoftAdAwareService11 => 2

    FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

    FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

    FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

    FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

    FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

    FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

    FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

    FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

    C:\Program Files (x86)\Lavasoft\

    Reboot:

    *****************


    Restore point was successfully created.

    Processes closed successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => value removed successfully

    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => not found.

    C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe => not found.

    HKLM\SOFTWARE\Policies\Google => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key removed successfully

    HKCR\CLSID\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key not found.

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key removed successfully

    HKCR\CLSID\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key not found.

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully

    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => value removed successfully

    HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => key not found.

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully

    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.

    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} => value removed successfully

    C:\Program Files (x86)\AVG\AVG10\Firefox4 => moved successfully

    HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully

    C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found.

    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.

    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.

    c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found.

    C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.

    C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.

    C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => not found.

    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully

    HKLM\System\CurrentControlSet\Services\gfiark => key removed successfully

    gfiark => service removed successfully

    gfibto => Service stopped successfully.

    HKLM\System\CurrentControlSet\Services\gfibto => key removed successfully

    gfibto => service removed successfully

    HKLM\System\CurrentControlSet\Services\BdfNdisf => key removed successfully

    BdfNdisf => service removed successfully

    HKLM\System\CurrentControlSet\Services\bdftdif => key removed successfully

    bdftdif => service removed successfully

    HKLM\System\CurrentControlSet\Services\SBRE => key removed successfully

    SBRE => service removed successfully

    C:\ProgramData\Ad-Aware Browsing Protection => moved successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\ChromeHTML => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully

    HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully

    C:\Windows\System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully

    C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully

    C:\Windows\System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => moved successfully

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56023160-B799-4645-B063-AFFAE4234881} => key removed successfully

    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LavasoftAdAwareService11 => key removed successfully

    HKLM\System\CurrentControlSet\Services\LavasoftAdAwareService11 => key not found.

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58967C13-CDF9-4F3E-97D2-D1DED470D1FA} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EDA4F80-FD2D-49B5-9409-AB6412D13910} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84CAE729-C8E8-4B5B-B202-4F9A88BBF192} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEDD2655-0487-4562-83BB-F92117D01005} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FCC12D4-2597-4725-AFAE-47EA39AE5769} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{125DD76A-7F2C-4637-A34B-28AE6BBAC108} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B3E40A2-5249-44A5-80C2-5489728F1408} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9AC19C1-0DAD-45FA-A6B5-6F5689434355} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B74BF052-ABE8-4877-B1F1-2FD1395213AC} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B73FA5C0-B373-4929-B790-DF3A59970FE2} => value removed successfully

    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB15C78D-3377-475E-A700-3768463CCFF6} => value removed successfully

    C:\Program Files (x86)\Lavasoft => moved successfully



    The system needed a reboot.


    ==== End of Fixlog 13:56:52 ====

    0
  • Support

    Good!

     

    Do you see anything related to Ad-Aware/adaware antivirus now?

    If not, you can try to install adaware antivirus.

    0
  • Customer

    Yes. There are still Adaware files on the C: drive.


    I did a Windows file search using AdAware as the keyword and got the following hits:




    Folder: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613


    Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus


    Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine


    Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine\1.0.0.8




    Folder: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\


    file: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\Ad-Aware.xml




    folder: C:\AdAwareProxyEngine


    folder: C:\AdwCleaner\quarantine\files


    folder: C:\Adaware SecureSearch Toolbar


    folder: C:\Adaware SecureSearch Toolbar\Chrome




    There are also still several items associated with FRST but I assume those can be deleted.




    There may have been other folders that matched in this search. The listing was so extensive I just limited this report to the folders I detected in the list. I didn't think you needed filenames inside the folders, but if you do let me know and I'll figure a way to transcribe them into a notepad list.




    BTW.... thanks for all the very good guidance.


    0
  • Support

    Can you delete these folders yourself or are there files in them that can't be deleted?

    C:\Program Files\Lavasoft

    C:\AdAwareProxyEngine

    C:\Adaware SecureSearch Toolbar

    0
  • Support

    As far as I know, it's the same installation file for adaware antivirus free and pro. The pro features can be enabled when you've entered your license key.

    https://www.adaware.com/user-guide/activation note the information below the first screen shot

     

    You're welcome, Ron

    0
  • Customer

    I deleted them. I purchased AdAware Pro but screwed up and clicked the download button on a still open AdAware page I visited earlier and ended up with AdAware Free installed. Can't find a place to enter the activation key, but that's a question for a different forum. Adaware Free is in and working perfectly.

     

    Thank you for all your extensive advice!

     

    Ron

    0
  • Customer

    My Free AdAware downloaded and installed without displaying those screens. If I go into App management it shows a key already entered and an expiration date in November (not a year from now.) Very strange. I never download programs from third party sites yet this worries me that I might have a bogus copy? There is a button for "Change Key". If I enter the Pro key will it convert to PRO?

    0
  • Support

    If I go into App management it shows a key already entered and an expiration date in November (not a year from now.)


    Can it be a year from when you installed Ad-Aware 11?

     

    I never download programs from third party sites yet this worries me that I might have a bogus copy?


    From which web site did you download adaware antivirus?

     

    If I enter the Pro key will it convert to PRO?


    It should but please check your keys at https://www.adaware.com/myadaware/loginpage first.

    0
  • Customer


    Can it be a year from when you installed Ad-Aware 11?

     

    From which web site did you download adaware antivirus?

     

    It should but please check your keys at https://www.adaware.com/myadaware/loginpage first.


    1. It could but I have no way of knowing for sure. I checked thru emails and records I keep in a password vault but found no match for that key. Admittedly those records are not complete.

    2. downloaded from Lavasoft.com

    3. My AdAware only shows the Pro version I bought the other day and one that expired in 2010. Neither key matches the key that showed up in the Free Version that was accidentally installed. I have no idea how the Free version ended up with a key already entered, especially after we went through the processes to completely eliminate all previous versions.

     

    Checking Windows task manager I see two AdAware processes running:


    AdAwareDesktop.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe


    AdAwareTray.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe


    Presumably 12.0.649.11190 is the version and build. If you can verify this is a valid build number I will feel more comfortable that I have installed a bona fide AdAware Free program and not a knock off. That won't answer why there was already an activation key, but at least I can try entering the new Pro key I purchased and see what happens.


    If you would like the activation key that appeared in the free version I have it written down along with the expiration date and time if you would like to look into this further. Perhaps by checking sales records for that date 1 year previous it can be determined who that key was issued to. I assume you would want it sent securely so just let me know how to send it.

    0
  • Support

    You are welcome, Ron

     

    I'm glad it's been resolved and you've Pro again.

    0
  • Support

    2. Then it must be the correct file.

     

    The version and build numbers are correct.

     

    Since it's a key for the free version, I don't think adaware software (Lavasoft) wants to spend any time investigating why you got it and if someone else has used it earlier (I've no access to their internal systems).

    0
  • Customer

    Thank you CeliaB.

     

    I activated Pro with the purchased key and everything went normally. I'm currently running a full scan.

     

    Again, thank you for all the fine effort and great guidance.

     

    You can consider this "ticket" closed with successful outcome. 5 stars for support.

     

    Ron

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :) If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!

    0
