ronlee67

Members
  • Content Count

    13
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ronlee67

  • Rank
    Member
  1. CeciliaB Are you serious? "Posted 02 March 2017 - 05:26 AM Hi again, Sorry, you can't get rid of the nag screen every second hour." I researched the problem of constant popupsfrom AdAware online before reading this reply. Along the way I accidentally came across a thread where customers of AVG also had this problem. There were miles and miles of complaints about this practice and AVG lost a lot of customers. As for me, I recently upgraded to a paid version of Adaware Pro and it has been downhill ever since. First I encountered the long delays in Windows explorer as it became very slow to list files. It also caused unacceptable delays for some programs to load. CeceliaB, you gracious and very competently led me through a series of tests to identify that problem and ultimately solved the issue. What you don't know is that the problem came back later. The process to clear that problem is just too time consuming to go thru again. But now that Adaware has followed in AVG's footsteps to put marketing of their products through the very same process of popups that I paid to prevent, and seeing AVG's failure to correct their ways, I am prone to think I'm headed for the same nightmare that AVG's customers experienced. I'm not a gamer, but the popups for AVG gamer customers was a deal breaker. It's a deal breaker for me too as I have work to do and don't need these frequent interruptions throughout my work day. I do a lot of work with DAW software (audio track editing) and the frequent stalls are intolerable and then to have AdAware popups to rub salt in the sore is unacceptable. Is there a warranty/customer satisfaction guarantee for Adaware Pro vers 12? I want my money back and will go to another antivirus software where these are not issues.
  2. Thank you CeliaB. I activated Pro with the purchased key and everything went normally. I'm currently running a full scan. Again, thank you for all the fine effort and great guidance. You can consider this "ticket" closed with successful outcome. 5 stars for support. Ron
  3. 1. It could but I have no way of knowing for sure. I checked thru emails and records I keep in a password vault but found no match for that key. Admittedly those records are not complete. 2. downloaded from Lavasoft.com 3. My AdAware only shows the Pro version I bought the other day and one that expired in 2010. Neither key matches the key that showed up in the Free Version that was accidentally installed. I have no idea how the Free version ended up with a key already entered, especially after we went through the processes to completely eliminate all previous versions. Checking Windows task manager I see two AdAware processes running: AdAwareDesktop.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe AdAwareTray.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe Presumeably 12.0.649.11190 is the version and build. If you can verify this is a valid build number I will feel more comfortable that I have installed a bona fide AdAware Free program and not a knock off. That won't answer why there was already an activation key, but at least I can try entering the new Pro key I purchased and see what happens. If you would like the activation key that appeared in the free version I have it written down along with the expiration date and time if you would like to look into this further. Perhaps by checking sales records for that date 1 year previous it can be determined who that key was issued to. I assume you would want it sent securely so just let me know how to send it.
  4. My Free AdAware downloaded and installed without displaying those screens. If I go into App management it shows a key already entered and an expiration date in November (not a year from now.) Very strange. I never download programs from third party sites yet this worries me that I might have a bogus copy? There is a button for "Change Key". If I enter the Pro key will it convert to PRO?
  5. I deleted them. I purchased AdAware Pro but screwed up and clicked the download button on a still open AdAware page I visited earlier and ended up with AdAware Free installed. Can't find a place to enter the activation key, but that's a question for a different forum. Adaware Free is in and working perfectly. Thank you for all your extensive advice! Ron
  6. I purchased the Pro version a few minutes ago. Got ahead of myself and clicked the download button on a Adaware web page that I had visited earlier and failed to close. I ended up installing the Free version by mistake. I rebooted after the install and AdAware Free is running normally. The home page has upgrade buttons for the other services available in the Pro version but clicking them only takes me to pages where I need to repurchase a license for Pro. I see no provision for activating my Pro license. Should I uninstall the Free version and start over using the link in the email? (I know, that's what I should have done in the first place. I just got mixed up when I saw the free download page that was visited before I made my purchase.) It seems logical to uninstall and install but I ask only because there had been problems in earlier version upgrades due to some AdAware elements that had not been automatically removed during uninstall processes. Hopefully that is no longer the case. Note: this computer has been completely cleared of all previous AdAware elements before the free version was installed using procedures provided in this forum.
  7. Yes. There are still Adaware files on the C: drive. I did a windows file search using AdAware as the keyword got the following hits: Folder: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613 Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine\1.0.0.8 Foler: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\ file: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\Ad-Aware.xml folder: C:\AdAwareProxyEngine folder: C:\AdwCleaner\quarantine\files folder: C:\Adaware SecureSearch Toolbar folder: C:\Adaware SecureSearch Toolbar\Chrome There are also still several items associated with FRST but I assume those can be deleted. There may have been other folders that matched in this search. The listing was so extensive I just limited this report to the folders I detected in the list. I didn't think you needed filenames inside the folders, but if you do let me know and I'll figure a way to transcribe them into a notepad list. BTW.... thanks for all the very good guidance.
  8. Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01 Ran by Ron (28-02-2017 13:55:56) Run:1 Running from C:\Users\Ron\Desktop Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File) ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL = SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4 FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed] R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software) S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X] S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] C:\ProgramData\Ad-Aware Browsing Protection HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\ MSCONFIG\Services: LavasoftAdAwareService11 => 2 FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe C:\Program Files (x86)\Lavasoft\ Reboot: ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => value removed successfully C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => not found. C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe => not found. HKLM\SOFTWARE\Policies\Google => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key removed successfully HKCR\CLSID\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key not found. HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key removed successfully HKCR\CLSID\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key not found. HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found. HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => value removed successfully HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => key not found. HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} => value removed successfully C:\Program Files (x86)\AVG\AVG10\Firefox4 => moved successfully HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found. c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found. C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found. C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found. C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully HKLM\System\CurrentControlSet\Services\gfiark => key removed successfully gfiark => service removed successfully gfibto => Service stopped successfully. HKLM\System\CurrentControlSet\Services\gfibto => key removed successfully gfibto => service removed successfully HKLM\System\CurrentControlSet\Services\BdfNdisf => key removed successfully BdfNdisf => service removed successfully HKLM\System\CurrentControlSet\Services\bdftdif => key removed successfully bdftdif => service removed successfully HKLM\System\CurrentControlSet\Services\SBRE => key removed successfully SBRE => service removed successfully C:\ProgramData\Ad-Aware Browsing Protection => moved successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\ChromeHTML => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully C:\Windows\System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully C:\Windows\System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56023160-B799-4645-B063-AFFAE4234881} => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LavasoftAdAwareService11 => key removed successfully HKLM\System\CurrentControlSet\Services\LavasoftAdAwareService11 => key not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58967C13-CDF9-4F3E-97D2-D1DED470D1FA} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EDA4F80-FD2D-49B5-9409-AB6412D13910} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84CAE729-C8E8-4B5B-B202-4F9A88BBF192} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEDD2655-0487-4562-83BB-F92117D01005} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FCC12D4-2597-4725-AFAE-47EA39AE5769} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{125DD76A-7F2C-4637-A34B-28AE6BBAC108} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B3E40A2-5249-44A5-80C2-5489728F1408} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9AC19C1-0DAD-45FA-A6B5-6F5689434355} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B74BF052-ABE8-4877-B1F1-2FD1395213AC} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B73FA5C0-B373-4929-B790-DF3A59970FE2} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB15C78D-3377-475E-A700-3768463CCFF6} => value removed successfully C:\Program Files (x86)\Lavasoft => moved successfully The system needed a reboot. ==== End of Fixlog 13:56:52 ====
  9. Sorry it took a few days to locate a usb drive and make a full backup before performing this operation. # AdwCleaner v6.043 - Logfile created 27/02/2017 at 21:19:16 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-28.1 [server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Ron - SEMICHI # Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: swdumon ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Ron\AppData\Local\Babylon [-] Folder deleted: C:\Users\Ron\AppData\Local\Conduit [-] Folder deleted: C:\Users\Ron\AppData\Local\PackageAware [-] Folder deleted: C:\Users\Ron\AppData\Local\slimware utilities inc [#] Folder deleted on reboot: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\adawaretb [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Conduit [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar [-] Folder deleted: C:\Users\Ron\AppData\LocalLow\PriceGong [-] Folder deleted: C:\Users\Ron\AppData\Roaming\AdvertismentImages [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Babylon [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater [-] Folder deleted: C:\Users\Employee Access\AppData\LocalLow\adawaretb [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar [-] Folder deleted: C:\ProgramData\Auto Updater [-] Folder deleted: C:\ProgramData\blekko toolbars [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers [-] Folder deleted: C:\Program Files (x86)\adawaretb [-] Folder deleted: C:\Program Files (x86)\Auto Updater [-] Folder deleted: C:\Program Files (x86)\Conduit [-] Folder deleted: C:\Program Files (x86)\Inbox Toolbar [-] Folder deleted: C:\Program Files (x86)\Toolbar Cleaner [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\[email protected] [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol ***** [ Files ] ***** [-] File deleted: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml [-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys [-] File deleted: C:\user.js ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ***** [ Scheduled Tasks ] ***** [-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron) [-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron) ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3209604 [-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr [-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.AppServer [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.IBX404 [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer2 [-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.Toolbar [-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] [-] Key deleted: HKU\.DEFAULT\Software\IGearSettings [-] Key deleted: HKU\.DEFAULT\Software\Auslogics [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1007\Software\AppDataLow\Software\adawarebp [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawarebp [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawaretb [#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings [#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics [#] Key deleted on reboot: HKCU\Software\Inbox Toolbar [#] Key deleted on reboot: HKCU\Software\InstallCore [#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc [#] Key deleted on reboot: HKCU\Software\Zugo [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawaretb [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong [-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC. [-] Key deleted: HKLM\SOFTWARE\adawaretb [-] Key deleted: HKLM\SOFTWARE\Babylon [-] Key deleted: HKLM\SOFTWARE\Conduit [-] Key deleted: HKLM\SOFTWARE\Freeze.com [-] Key deleted: HKLM\SOFTWARE\Inbox Toolbar [-] Key deleted: HKLM\SOFTWARE\InstallIQ [-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc [-] Key deleted: HKLM\SOFTWARE\Toolbar Cleaner [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1 [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner [#] Key deleted on reboot: [x64] HKCU\Software\Inbox Toolbar [#] Key deleted on reboot: [x64] HKCU\Software\InstallCore [#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc [#] Key deleted on reboot: [x64] HKCU\Software\Zugo [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawaretb [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} [-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\inbox [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole ***** [ Web browsers ] ***** [-] Chrome preferences cleaned: "browser.babylon.HPOnNewTab" - "search.babylon.com" [-] Chrome preferences cleaned: "browser.search.order.1" - "Search the web (Babylon)" [-] Chrome preferences cleaned: "browser.search.selectedEngine" - "blekko" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.admin" - false [-] Chrome preferences cleaned: "extensions.BabylonToolbar.aflt" - "babsst" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.babExt" - "" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.babTrack" - "affID=109930" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.bbDpng" - 30 [-] Chrome preferences cleaned: "extensions.BabylonToolbar.dfltSrch" - false [-] Chrome preferences cleaned: "extensions.BabylonToolbar.hmpg" - false [-] Chrome preferences cleaned: "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlDay" - "15420" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlRef" - "sst" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastDP" - 30 [-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTab" - true [-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.noFFXTlbr" - false [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prdct" - "BabylonToolbar" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.propectorlck" - 92904910 [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkDS" - 1 [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkHmpg" - 1 [-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtnrId" - "babylon" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.ptch_0717" - true [-] Chrome preferences cleaned: "extensions.BabylonToolbar.smplGrp" - "tzb" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.srcExt" - "ss" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.tlbrId" - "tb9" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsn" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39" [-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsni" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - "" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTab" - true [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - "" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9" [-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst" [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com_ [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jmfkcklnlgedgbglfkkgedjfmejoahla [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: madakpajlmcpaodhfbekojajlhbdklol [-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oejkcgajlodefenbbjdnaiahmbnnoole ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [20679 Bytes] - [27/02/2017 21:19:16] C:\AdwCleaner\AdwCleaner[s0].txt - [23967 Bytes] - [23/02/2017 23:42:29] C:\AdwCleaner\AdwCleaner[s1].txt - [24503 Bytes] - [27/02/2017 21:14:10] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20901 Bytes] ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01 Ran by Ron (administrator) on SEMICHI (27-02-2017 21:34:36) Running from C:\Users\Ron\Desktop Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (File Type Advisor) C:\Program Files (x86)\File Type Advisor\fileadvisor.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe () C:\UPS\WSTD\UPSNA1Msgr.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe () C:\UPS\WSTD\WSTDMessaging.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] () HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.) HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.) HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] () HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22] ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30] ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12] ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11] ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11] ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS) Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12] ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12] ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL = SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074 Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-27] FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed] FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed] FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-27] FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2017-02-27] FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0 FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-02-26] [not signed] FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2016-04-26] FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-05-16] [not signed] FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-06-20] [not signed] FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-08-20] [not signed] FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4 FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19] FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed] FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.) CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-27] CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16] CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-24] CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16] CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07] CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19] CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.) S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] () S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed] S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.) S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.) S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.) R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] () S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed] R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software) S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation ) R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] () S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X] S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion 2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-02-25 22:50 - 2017-02-25 22:50 - 00000000 ____D C:\Users\Public\Obituary 2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Launch-n-Go 2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Instructiion Manuals 2017-02-25 22:32 - 2017-02-25 22:32 - 00000000 ____D C:\Users\Ron\Family Documents 2017-02-25 22:26 - 2017-02-25 22:27 - 00000000 ____D C:\Users\Ron\Desktop\signature images 2017-02-25 22:25 - 2017-02-25 22:25 - 00000000 ____D C:\Users\Ron\Farm 2017-02-25 22:22 - 2017-02-25 22:22 - 00001630 _____ C:\Users\Ron\Software licenses for GreatSitkin.txt 2017-02-25 19:29 - 2017-02-25 19:30 - 00000118 _____ C:\Users\Ron\Desktop\2017 BGAS POLL.txt 2017-02-25 17:20 - 2017-02-25 17:20 - 06971584 _____ (Tim Kosse) C:\Users\Ron\Downloads\FileZilla_3.24.1_win64-setup.exe 2017-02-24 15:48 - 2017-02-24 15:48 - 00000000 ____D C:\Users\Test\AppData\Local\ElevatedDiagnostics 2017-02-24 15:32 - 2017-02-24 15:32 - 00000000 ____D C:\Users\Employee Access\AppData\Roaming\Sun 2017-02-24 15:28 - 2017-02-24 15:29 - 00000000 ____D C:\Users\Employee Access\AppData\Local\Dropbox 2017-02-24 15:14 - 2017-02-24 15:14 - 00101580 _____ C:\Windows\ntbtlog.txt 2017-02-24 00:08 - 2017-02-24 00:10 - 00000000 ____D C:\brodnt 2017-02-23 23:40 - 2017-02-27 21:19 - 00000000 ____D C:\AdwCleaner 2017-02-23 23:36 - 2017-02-23 23:36 - 04015056 _____ C:\Users\Ron\Desktop\adwcleaner_6.043.exe 2017-02-23 06:53 - 2017-02-23 06:55 - 00081564 _____ C:\Users\Ron\Desktop\Addition.txt 2017-02-23 06:50 - 2017-02-27 21:37 - 00041570 _____ C:\Users\Ron\Desktop\FRST.txt 2017-02-23 06:50 - 2017-02-27 21:34 - 00000000 ____D C:\FRST 2017-02-23 06:49 - 2017-02-27 21:33 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe 2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft 2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf 2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies 2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater 2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware 2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx 2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt 2017-02-09 01:33 - 2017-02-09 01:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-02-09 01:33 - 2017-02-09 01:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs 2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk 2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk 2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services 2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm 2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes 2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod 2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-27 21:34 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod 2017-02-27 21:33 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox 2017-02-27 21:32 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-02-27 21:30 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-02-27 21:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing 2017-02-27 21:27 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive 2017-02-27 21:27 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps 2017-02-27 21:23 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2017-02-27 21:22 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-02-27 21:22 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2017-02-27 21:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-27 21:21 - 2012-05-08 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-27 21:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-02-27 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor 2017-02-27 14:17 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla 2017-02-27 14:17 - 2016-08-23 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-27 13:43 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS 2017-02-27 13:05 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects 2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-26 23:59 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla 2017-02-26 19:00 - 2009-07-13 22:13 - 00857162 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-26 19:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2017-02-25 23:24 - 2015-08-07 11:26 - 00000000 ____D C:\MANUALS 2017-02-25 22:35 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ron\MEDICAL-HEALTH 2017-02-25 22:33 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron 2017-02-25 22:26 - 2013-03-15 13:39 - 01013248 ___SH C:\Users\Ron\Desktop\Thumbs.db 2017-02-25 22:26 - 2010-03-11 11:01 - 00000000 ____D C:\UPS 2017-02-24 15:50 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI 2017-02-24 15:28 - 2013-11-14 17:44 - 00095744 _____ C:\Users\Employee Access\AppData\Local\GDIPFONTCACHEV1.DAT 2017-02-24 03:09 - 2013-07-21 02:01 - 00000000 ____D C:\Windows\system32\MRT 2017-02-24 03:02 - 2010-02-22 07:35 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-23 23:01 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity 2017-02-23 12:29 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops 2017-02-23 08:13 - 2010-03-12 12:48 - 00000000 ____D C:\Users\Ron\AppData\Local\ElevatedDiagnostics 2017-02-23 08:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2017-02-23 07:13 - 2010-03-12 12:09 - 00000000 ____D C:\Program Files (x86)\Passkeeper 2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro 2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini 2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI 2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS 2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla 2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS 2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale 2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk 2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db 2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon 2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job 2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES 2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017 2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9 2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9 2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio 2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software 2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software 2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software 2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google 2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death 2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images 2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job ==================== Files in the root of some directories ======= 2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs 2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat 2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm 2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND 2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel 2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg 2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag Files to move or delete: ==================== C:\Users\Public\pass.dat C:\Users\Ron\en_res.dll C:\Users\Ron\es_res.dll C:\Users\Ron\fr_res.dll C:\Users\Ron\grm_res.dll C:\Users\Ron\it_res.dll C:\Users\Ron\jp_res.dll C:\Users\Ron\lyrics-finder.exe C:\Users\Ron\mfc80u.dll C:\Users\Ron\msvcr80.dll C:\Users\Ron\PCPE Setup.exe C:\Users\Ron\pt_res.dll C:\Users\Ron\ResourceReader.dll C:\Users\Ron\ripsetup.exe C:\Users\Ron\ru_res.dll C:\Users\Ron\zh_res.dll Some files in TEMP: ==================== 2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll 2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe 2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe 2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe 2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-22 00:14\ ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01 Ran by Ron (27-02-2017 21:38:43) Running from C:\Users\Ron\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled) Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled) LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com) AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos) Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.) BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother) Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother) Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - ) Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAZzle (HKLM-x32\...\DAZzle) (Version: - ) Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.) DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.) DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage) Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software) Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software) FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft) Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - ) FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video) FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden FOSS (x32 Version: 12.50.0000 - UPS) Hidden Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com) Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems) Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS) iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) IP Camera (HKLM-x32\...\IP Camera) (Version: - ) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC) LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe) LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC) LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.) LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.) MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh) Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz) NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.) NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline) NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - ) NRF (x32 Version: 12.00.0000 - UPS) Hidden NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems) NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation) NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - ) ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis) OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation) OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC) PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics) PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software) PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham) puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN) puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.) Reconciler (x32 Version: 12.00.0000 - UPS) Hidden RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software) Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform) ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com) SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics) Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.) SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software) StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc) SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden System (x32 Version: 12.00.0000 - UPS) Hidden TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com) Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio) Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba) UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - ) UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS) UPSDB (x32 Version: 12.00.0000 - UPS) Hidden UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VuePrint (HKLM-x32\...\VuePrint) (Version: - ) WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software) WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - ) WorldShip (x32 Version: 12.00.0000 - UPS) Hidden ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies) ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor) Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters). Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems) Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {5D634D2E-FFBB-4D93-9563-138AB8F66FB0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNNMCNHMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJ" Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.) Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.) Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.) Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\ Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] () Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.) Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd) Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll 2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll 2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe 2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe 2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe 2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe 2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll 2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll 2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll 2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll 2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL 2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll 2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll 2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll 2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll 2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2017-02-27 21:31 - 2017-02-21 11:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2015-12-11 17:57 - 2017-01-25 14:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-11 17:57 - 2017-01-25 14:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-11 17:57 - 2017-01-25 14:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-11 17:57 - 2017-02-21 12:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-11 17:57 - 2017-01-25 14:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 17:57 - 2017-01-25 14:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-02-27 21:31 - 2017-01-25 14:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-02-27 21:31 - 2017-01-25 14:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-02-27 21:31 - 2017-01-25 14:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-11 17:57 - 2017-01-25 14:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-05 09:54 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-02-27 21:31 - 2017-01-25 14:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-02-27 21:31 - 2017-01-25 14:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-11 17:57 - 2017-02-21 12:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-05 09:54 - 2017-01-25 14:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-11 17:57 - 2017-01-25 14:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-02-27 21:32 - 2017-02-21 12:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2015-12-11 17:57 - 2017-02-21 12:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-01-23 14:00 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-01-23 14:00 - 2017-02-21 12:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-02-12 03:03 - 2017-02-21 12:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-02-27 21:31 - 2017-01-25 14:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-02-27 21:31 - 2017-02-21 12:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-02-27 21:31 - 2017-01-25 14:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-02-27 21:31 - 2017-01-25 14:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-02-27 21:31 - 2017-02-21 12:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-12-11 17:57 - 2017-01-25 14:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-02-27 21:31 - 2017-02-21 12:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 255.255.255.255 broadcasthost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: APC Data Service => 2 MSCONFIG\Services: APC UPS Service => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BRA_Scheduler => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: Garmin Device Interaction Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LavasoftAdAwareService11 => 2 MSCONFIG\Services: LightScribeService => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: WSWUSB6300 => 2 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe FirewallRules: [uDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe FirewallRules: [uDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434 FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925 FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869 FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900 FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726 FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727 FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe FirewallRules: [uDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [uDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe FirewallRules: [uDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe FirewallRules: [uDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [uDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe FirewallRules: [uDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe FirewallRules: [uDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D2415291-4194-454E-AE6B-DE3A025BF02E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector ==================== Restore Points ========================= 22-02-2017 00:21:26 Scheduled Checkpoint 22-02-2017 13:37:41 Windows Update 24-02-2017 03:00:15 Windows Update 25-02-2017 23:54:48 Windows Backup 26-02-2017 12:26:07 Windows Backup ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: BitDefender Firewall NDIS 6 Filter Driver Description: BitDefender Firewall NDIS 6 Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BdfNdisf Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: bdftdif Description: bdftdif Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bdftdif Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2017 09:32:18 PM) (Source: DbxSvc) (EventID: 270) (User: ) Description: (-2145452013) The system could not find the filter specified. Error: (02/27/2017 09:25:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03 Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920 Exception code: 0xc0000005 Fault offset: 0x0010025c Faulting process id: 0xfd0 Faulting application start time: 0x01d2917a5da4e150 Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll Report Id: e34a2a90-fd6d-11e6-b9b8-90e6ba591fe0 Error: (02/27/2017 09:22:22 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: (-2147024894) The system cannot find the file specified. Error: (02/27/2017 01:00:08 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (02/26/2017 04:39:31 AM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048). Error: (02/24/2017 03:24:55 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: (-2147024894) The system cannot find the file specified. Error: (02/24/2017 03:06:17 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: (-2147024894) The system cannot find the file specified. Error: (02/23/2017 10:55:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db Faulting module name: MSHTML.dll, version: 11.0.9600.18538, time stamp: 0x58275c38 Exception code: 0xc0000005 Fault offset: 0x002094df Faulting process id: 0xcfc Faulting application start time: 0x01d28e6134fd11d0 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: d53cedb8-fa55-11e6-951c-90e6ba591fe0 Error: (02/23/2017 08:13:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03 Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920 Exception code: 0xc0000005 Fault offset: 0x0010025c Faulting process id: 0x7d0 Faulting application start time: 0x01d28de6a315efa0 Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll Report Id: 993d6840-f9da-11e6-951c-90e6ba591fe0 Error: (02/23/2017 08:07:22 AM) (Source: DbxSvc) (EventID: 320) (User: ) Description: (-2147024894) The system cannot find the file specified. System errors: ============= Error: (02/27/2017 09:32:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (02/27/2017 09:29:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout. Error: (02/27/2017 09:23:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2017 09:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: BdfNdisf bdftdif cdrom SBRE Error: (02/27/2017 09:16:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (02/27/2017 09:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (02/27/2017 09:16:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/27/2017 09:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SQL Server (UPSWSDBSERVER) service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2015-08-03 17:53:44.366 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.354 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.337 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.321 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.240 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.233 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.227 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.221 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:43.443 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:43.428 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. ==================== Memory info =========================== Processor: AMD Athlon II X2 240 Processor Percentage of memory in use: 73% Total physical RAM: 3839.3 MB Available physical RAM: 1019.51 MB Total Virtual: 12837.49 MB Available Virtual: 10276.55 MB ==================== Drives ================================ Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:247.87 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ ESET: C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\AdwCleaner\quarantine\files\ionsgdvrxwkendvgxswbvknbiwrpduxx\Inbox.dll a variant of Win32/Toolbar.Inbox.J potentially unwanted application C:\AdwCleaner\quarantine\files\ugfnrbjlopcyrfaxiehwkhwrbqfqnbzc\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\DYMO Label\Downloads\Primo PDF\FreewarePrimoPDF.exe Win32/OpenCandy potentially unsafe application C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application C:\Program Files (x86)\NCH Swift Sound\SoundTap\soundtap.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application C:\Program Files (x86)\NCH Swift Sound\SoundTap\stsetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application C:\Program Files (x86)\NCH Swift Sound\SoundTap\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application C:\Users\Ron\Desktop\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Ron\Downloads\cnet_tintii-2_5_2_exe.exe a variant of Win32/InstallCore.D potentially unwanted application C:\Users\Ron\Downloads\FlashPlayerPro.exe a variant of Win32/InstallCore.AFF.gen potentially unwanted application C:\Users\Ron\Downloads\MusicSetup(1).exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application C:\Users\Ron\Downloads\MusicSetup.exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application C:\Users\Ron\Downloads\pdflite_d3759449.exe a variant of Win32/InstallIQ.A potentially unwanted application C:\Users\Ron\Downloads\rcsetup149.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Ron\Downloads\setup-cnet.exe Win32/Toolbar.Zugo.A potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,Win32/Toolbar.Zugo.E potentially unwanted application,Win32/Toolbar.Zugo potentially unwanted application C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe a variant of Win32/Magicbit.D potentially unwanted application Autostart locations virus
  10. # AdwCleaner v6.043 - Logfile created 23/02/2017 at 23:42:29 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-23.4 [server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Ron - SEMICHI # Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** Service Found: swdumon ***** [ Folders ] ***** Folder Found: C:\Users\Ron\AppData\Local\Babylon Folder Found: C:\Users\Ron\AppData\Local\Conduit Folder Found: C:\Users\Ron\AppData\Local\PackageAware Folder Found: C:\Users\Ron\AppData\Local\slimware utilities inc Folder Found: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc Folder Found: C:\Users\Ron\AppData\LocalLow\adawaretb Folder Found: C:\Users\Ron\AppData\LocalLow\Conduit Folder Found: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar Folder Found: C:\Users\Ron\AppData\LocalLow\PriceGong Folder Found: C:\Users\Ron\AppData\Roaming\AdvertismentImages Folder Found: C:\Users\Ron\AppData\Roaming\Babylon Folder Found: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater Folder Found: C:\Users\Employee Access\AppData\LocalLow\adawaretb Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar Folder Found: C:\ProgramData\Auto Updater Folder Found: C:\ProgramData\blekko toolbars Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar Folder Found: C:\Users\Public\Documents\Downloaded Installers Folder Found: C:\Program Files (x86)\adawaretb Folder Found: C:\Program Files (x86)\Auto Updater Folder Found: C:\Program Files (x86)\Conduit Folder Found: C:\Program Files (x86)\Inbox Toolbar Folder Found: C:\Program Files (x86)\Toolbar Cleaner Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\[email protected] Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol ***** [ Files ] ***** File Found: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml File Found: C:\Windows\SysNative\drivers\swdumon.sys File Found: C:\user.js ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk ( /showurl hxxp://www2.inbox.com/faq.aspx ) Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=80105&iwk=318&lng=en ) Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ( /showurl hxxp://www2.inbox.com/settings/settings.aspx?lng=en ) ***** [ Scheduled Tasks ] ***** Task Found: SlimCleaner Plus (Scheduled Scan - Ron) Task Found: SlimCleaner Plus (Scheduled Scan - Ron) ***** [ Registry ] ***** Key Found: HKLM\SOFTWARE\Classes\Toolbar.CT3209604 Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Found: HKLM\SOFTWARE\Classes\Inbox.AppServer Key Found: HKLM\SOFTWARE\Classes\Inbox.IBX404 Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer2 Key Found: HKLM\SOFTWARE\Classes\Inbox.Toolbar Key Found: HKLM\SOFTWARE\Classes\Prod.cap Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404 Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2 Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar Key Found: [x64] HKLM\SOFTWARE\Classes\Prod.cap Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 Key Found: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Found: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Found: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Found: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} Key Found: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Key Found: HKU\.DEFAULT\Software\IGearSettings Key Found: HKU\.DEFAULT\Software\Auslogics Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong Key Found: HKU\S-1-5-18\Software\IGearSettings Key Found: HKU\S-1-5-18\Software\Auslogics Key Found: HKCU\Software\Inbox Toolbar Key Found: HKCU\Software\InstallCore Key Found: HKCU\Software\SlimWare Utilities Inc Key Found: HKCU\Software\Zugo Key Found: HKCU\Software\AppDataLow\Software\adawarebp Key Found: HKCU\Software\AppDataLow\Software\adawaretb Key Found: HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found: HKCU\Software\AppDataLow\Software\PriceGong Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC. Key Found: HKLM\SOFTWARE\adawaretb Key Found: HKLM\SOFTWARE\Babylon Key Found: HKLM\SOFTWARE\Conduit Key Found: HKLM\SOFTWARE\Freeze.com Key Found: HKLM\SOFTWARE\Inbox Toolbar Key Found: HKLM\SOFTWARE\InstallIQ Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc Key Found: HKLM\SOFTWARE\Toolbar Cleaner Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1 Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Key Found: [x64] HKCU\Software\Inbox Toolbar Key Found: [x64] HKCU\Software\InstallCore Key Found: [x64] HKCU\Software\SlimWare Utilities Inc Key Found: [x64] HKCU\Software\Zugo Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp Key Found: [x64] HKCU\Software\AppDataLow\Software\adawaretb Key Found: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found: [x64] HKCU\Software\AppDataLow\Software\PriceGong Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1} Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122} Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1} Key Found: HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox Key Found: HKLM\SOFTWARE\Classes\protocols\handler\inbox Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole ***** [ Web browsers ] ***** Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.babylon.HPOnNewTab" - "search.babylon.com" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.order.1" - "Search the web (Babylon)" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.selectedEngine" - "blekko" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.admin" - false Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.aflt" - "babsst" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babExt" - "" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babTrack" - "affID=109930" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.bbDpng" - 30 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.dfltSrch" - false Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.hmpg" - false Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlDay" - "15420" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlRef" - "sst" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastDP" - 30 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTab" - true Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.noFFXTlbr" - false Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prdct" - "BabylonToolbar" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.propectorlck" - 92904910 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkDS" - 1 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkHmpg" - 1 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtnrId" - "babylon" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.ptch_0717" - true Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.smplGrp" - "tzb" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.srcExt" - "ss" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.tlbrId" - "tb9" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsn" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsni" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.aflt" - "babsst" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babExt" - "" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlDay" - "15420" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlRef" - "sst" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTab" - true Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb00000000 Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.smplGrp" - "none" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.srcExt" - "ss" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babExt" - "" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.srcExt" - "ss" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlDay" - "15420" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.aflt" - "babsst" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.smplGrp" - "none" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9" Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlRef" - "sst" Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com_ Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bopakagnckmlgajfccecajhnimjiiedh Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jmfkcklnlgedgbglfkkgedjfmejoahla Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - madakpajlmcpaodhfbekojajlhbdklol Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oejkcgajlodefenbbjdnaiahmbnnoole ************************* C:\AdwCleaner\AdwCleaner[s0].txt - [23697 Bytes] - [23/02/2017 23:42:29] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23771 Bytes] ##########
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 Ran by Ron (administrator) on SEMICHI (23-02-2017 06:50:50) Running from C:\Users\Ron\Desktop Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe () C:\UPS\WSTD\UPSNA1Msgr.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe () C:\UPS\WSTD\WSTDMessaging.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Microsoft Corporation) C:\Windows\splwow64.exe () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\calc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] () HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.) HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.) HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] () HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22] ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30] ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12] ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11] ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11] ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS) Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12] ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12] ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=64107edb000000000000c0c1c06054e4 SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=03F6F03584CC89083BDED950C8082D4F&q={searchTerms} SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {7C560F43-CF86-4D10-BF85-D534839184F1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604 SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {831AD50D-2C35-4C64-8FEE-E154A489B122} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1 SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL = SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] () BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass) Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] () Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074 Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.) Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC) Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC) FireFox: ======== FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-23] FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed] FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed] FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-23] FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2014-08-20] FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4luj5tdd.default -> Search the web (Babylon) FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4luj5tdd.default -> blekko FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0 FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-02-26] [not signed] FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2016-04-26] FF Extension: (Lavasoft Search Plugin) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2012-12-04] [not signed] FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-05-16] [not signed] FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-06-20] [not signed] FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-08-20] [not signed] FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed] FF Extension: (Ad-Aware Security Add-on) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-10-08] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4 FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19] FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed] FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.) CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-23] CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16] CHR Extension: (Honey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-22] CHR Extension: (Tampermonkey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-02] CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-09] CHR Extension: (AVG Safe Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-10-14] CHR Extension: (SearchLock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2017-01-31] CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Lavasoft NewTab) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-16] CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16] CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07] CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19] CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20] CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.) S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] () S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed] S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.) S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.) S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.) R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] () S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed] R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software) S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation ) R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] () S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-09-30] (SlimWare Utilities, Inc.) S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X] S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-23 06:50 - 2017-02-23 06:52 - 00046157 _____ C:\Users\Ron\Desktop\FRST.txt 2017-02-23 06:50 - 2017-02-23 06:50 - 00000000 ____D C:\FRST 2017-02-23 06:49 - 2017-02-23 06:49 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe 2017-02-23 06:23 - 2017-02-23 06:23 - 00000165 ____H C:\Users\Ron\Desktop\~$PRIZEGRAB.xlsx 2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft 2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf 2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies 2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater 2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware 2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx 2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt 2017-02-07 17:15 - 2017-02-07 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-02-06 21:38 - 2017-02-06 21:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs 2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk 2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk 2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services 2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm 2017-01-31 21:27 - 2017-01-31 21:27 - 00001792 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes 2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod 2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-23 06:49 - 2013-03-15 13:39 - 01000448 ___SH C:\Users\Ron\Desktop\Thumbs.db 2017-02-23 06:29 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-02-23 06:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-02-23 06:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing 2017-02-23 05:46 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod 2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-22 21:15 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-02-22 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor 2017-02-22 15:39 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity 2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro 2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-22 09:50 - 2015-09-09 08:50 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job 2017-02-22 09:32 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps 2017-02-22 09:32 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox 2017-02-22 09:30 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive 2017-02-22 09:30 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI 2017-02-22 09:29 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2017-02-22 09:26 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2017-02-22 09:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-21 03:20 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects 2017-02-21 03:19 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla 2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini 2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI 2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS 2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla 2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS 2017-02-16 23:14 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS 2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale 2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk 2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db 2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon 2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job 2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES 2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017 2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9 2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9 2017-02-07 17:15 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-02-07 15:22 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla 2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio 2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software 2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software 2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software 2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google 2017-02-04 18:05 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron 2017-02-03 02:18 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops 2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death 2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images 2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job 2017-01-24 22:00 - 2015-06-24 10:49 - 00000000 ____D C:\TEMP ==================== Files in the root of some directories ======= 2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs 2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat 2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm 2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND 2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel 2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg 2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag Files to move or delete: ==================== C:\Users\Public\pass.dat C:\Users\Ron\en_res.dll C:\Users\Ron\es_res.dll C:\Users\Ron\fr_res.dll C:\Users\Ron\grm_res.dll C:\Users\Ron\it_res.dll C:\Users\Ron\jp_res.dll C:\Users\Ron\lyrics-finder.exe C:\Users\Ron\mfc80u.dll C:\Users\Ron\msvcr80.dll C:\Users\Ron\PCPE Setup.exe C:\Users\Ron\pt_res.dll C:\Users\Ron\ResourceReader.dll C:\Users\Ron\ripsetup.exe C:\Users\Ron\ru_res.dll C:\Users\Ron\zh_res.dll Some files in TEMP: ==================== 2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll 2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe 2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe 2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe 2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-22 00:14 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 Ran by Ron (23-02-2017 06:53:41) Running from C:\Users\Ron\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled) Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled) LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - ) Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.5.0.2 - Lavasoft) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com) Auto Updater 1.2.0.3 (HKLM-x32\...\AutoUpdater_is1) (Version: - ) AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos) Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.) BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother) Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother) Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - ) Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAZzle (HKLM-x32\...\DAZzle) (Version: - ) Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.) DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.) DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage) Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software) Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software) FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft) Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - ) FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video) FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden FOSS (x32 Version: 12.50.0000 - UPS) Hidden Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com) Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems) Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS) iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC) IP Camera (HKLM-x32\...\IP Camera) (Version: - ) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC) LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe) LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC) LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.) LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.) MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh) Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla) mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz) NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.) NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline) NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - ) NRF (x32 Version: 12.00.0000 - UPS) Hidden NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems) NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation) NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - ) ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis) OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation) OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC) PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics) PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software) PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham) puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN) puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.) Reconciler (x32 Version: 12.00.0000 - UPS) Hidden RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software) Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform) ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com) SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics) Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.) SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software) StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc) SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden System (x32 Version: 12.00.0000 - UPS) Hidden TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com) Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio) Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba) UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - ) UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS) UPSDB (x32 Version: 12.00.0000 - UPS) Hidden UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VuePrint (HKLM-x32\...\VuePrint) (Version: - ) WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software) WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - ) WorldShip (x32 Version: 12.00.0000 - UPS) Hidden ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies) ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.) CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor) Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters). Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe [2012-09-18] () Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems) Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {5D634D2E-FFBB-4D93-9563-138AB8F66FB0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNNMCNHMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJ" Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.) Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.) Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.) Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.) Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\ Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] () Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.) Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd) Task: {F16515E8-06F1-4EA1-823C-BB85BCBA892E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ron) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll 2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll 2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe 2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe 2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe 2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe 2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe 2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll 2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll 2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll 2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll 2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll 2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll 2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll 2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll 2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL 2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll 2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll 2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll 2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll 2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll 2017-02-07 17:14 - 2017-02-06 21:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2015-12-11 17:57 - 2017-01-13 16:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-11 17:57 - 2017-01-13 16:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-11 17:57 - 2017-01-13 16:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-11 17:57 - 2017-02-06 21:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-11 17:57 - 2017-01-13 16:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 17:57 - 2017-01-13 16:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-02-07 17:14 - 2017-01-13 16:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-02-07 17:14 - 2017-01-13 16:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-02-07 17:14 - 2017-01-13 16:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-11 17:57 - 2017-01-13 16:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-05 09:54 - 2017-02-06 21:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-02-07 17:14 - 2017-01-13 16:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-02-07 17:14 - 2017-01-13 16:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-11 17:57 - 2017-01-13 16:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-11 17:57 - 2017-02-06 21:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-11 17:57 - 2017-01-13 16:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2015-12-11 17:57 - 2017-01-13 16:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-11 17:57 - 2017-01-13 16:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-11 17:57 - 2017-01-13 16:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-05 09:54 - 2017-01-13 16:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-11 17:57 - 2017-01-13 16:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-11 17:57 - 2017-02-06 21:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-01-23 14:00 - 2017-02-06 21:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-01-23 14:00 - 2017-02-06 21:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-02-12 03:03 - 2017-02-06 21:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-02-07 17:14 - 2017-01-13 16:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-02-07 17:14 - 2017-02-06 21:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-02-07 17:14 - 2017-01-13 17:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-02-07 17:14 - 2017-01-13 17:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-02-07 17:14 - 2017-02-06 21:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-12-11 17:57 - 2017-01-13 16:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-02-07 17:14 - 2017-02-06 21:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-11-11 15:11 - 2017-01-13 17:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 255.255.255.255 broadcasthost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: APC Data Service => 2 MSCONFIG\Services: APC UPS Service => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BRA_Scheduler => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: Garmin Device Interaction Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LavasoftAdAwareService11 => 2 MSCONFIG\Services: LightScribeService => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: WSWUSB6300 => 2 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe FirewallRules: [uDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe FirewallRules: [uDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434 FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925 FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869 FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900 FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726 FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727 FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe FirewallRules: [uDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [uDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe FirewallRules: [uDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe FirewallRules: [uDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [uDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe FirewallRules: [uDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe FirewallRules: [uDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B94F20FB-6F7B-4827-BED3-B668CEBC1E9E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector ==================== Restore Points ========================= 14-02-2017 11:54:42 AA11 22-02-2017 00:21:26 Scheduled Checkpoint 22-02-2017 13:37:41 Windows Update ==================== Faulty Device Manager Devices ============= Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: BitDefender Firewall NDIS 6 Filter Driver Description: BitDefender Firewall NDIS 6 Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BdfNdisf Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: bdftdif Description: bdftdif Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bdftdif Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (02/22/2017 11:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e5c Start Time: 01d28d29392a80a0 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (02/22/2017 09:31:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03 Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920 Exception code: 0xc0000005 Fault offset: 0x0010025c Faulting process id: 0x7b4 Faulting application start time: 0x01d28d28c2cef8f0 Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll Report Id: 612cfe70-f91c-11e6-8e85-90e6ba591fe0 Error: (02/22/2017 09:26:51 AM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (02/22/2017 09:18:33 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3334 Start Time: 01d28d2331c01790 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (02/20/2017 01:00:01 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (02/18/2017 10:16:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SiteSpinnerProV2.exe version 2.9.2.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1fa0 Start Time: 01d28a549d3c0118 Termination Time: 63 Application Path: C:\Program Files (x86)\Virtual Mechanics\SiteSpinner Pro V2\bin\SiteSpinnerProV2.exe Report Id: 8e605e59-f662-11e6-8fe7-90e6ba591fe0 Error: (02/17/2017 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a Faulting module name: mspst32.dll_unloaded, version: 0.0.0.0, time stamp: 0x511ab2ea Exception code: 0xc0000005 Fault offset: 0x6e986515 Faulting process id: 0x2690 Faulting application start time: 0x01d289abe8433810 Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: mspst32.dll Report Id: 50ff13b0-f59f-11e6-8fe7-90e6ba591fe0 Error: (02/16/2017 02:11:49 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: ) Description: Rejected Safe Mode action : Microsoft Office Outlook. Error: (02/15/2017 12:24:16 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (02/14/2017 12:05:16 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. System errors: ============= Error: (02/22/2017 09:28:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (02/22/2017 05:25:32 PM) (Source: DCOM) (EventID: 10000) (User: ) Description: Unable to start a DCOM Server: {5F246A9A-A919-11D3-AB60-00C04FA3014E}. The error: "740" Happened while starting this command: C:\Program Files (x86)\Photoshop6.0\Photoshp.exe -Embedding Error: (02/22/2017 09:46:53 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout. Error: (02/22/2017 09:28:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (02/22/2017 09:27:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: BdfNdisf bdftdif cdrom SBRE Error: (02/22/2017 08:50:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (02/21/2017 08:58:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout. Error: (02/20/2017 10:12:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (02/20/2017 07:17:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout. Error: (02/19/2017 05:17:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2015-08-03 17:53:44.366 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.354 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.337 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.321 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.240 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.233 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.227 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:44.221 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:43.443 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2015-08-03 17:53:43.428 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. ==================== Memory info =========================== Processor: AMD Athlon II X2 240 Processor Percentage of memory in use: 83% Total physical RAM: 3839.3 MB Available physical RAM: 648.63 MB Total Virtual: 12837.49 MB Available Virtual: 8020.92 MB ==================== Drives ================================ Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:251.17 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. more info on this issue: After clearing the fake error message popup from my desktop (deleted IE temporary files, did end task on several instances in Task manager) I resumed web browsing. Shortly after logging into PrizeGrab.com the popups returned. I noticed a url listed in Task Manager applications window next to listing for the offending IE explorer popup windows. That url is pomonalick.com. I hope Lavasoft can add that to blocked domains. Ron
  13. This morning I came to my Win7 desktop pc to find what sounds like the hard drive or perhaps the fan cycling. The computer appeared to operate normally except I got a Windows warning about no security software running. Sure nuff, the Ad-Aware icon was missing from the system tray. By this time IE had loaded and soon after I got a large popup and an audio announcement to the effect that Microsoft had detected malware that was stealing my data and to call a toll free number. This was clearly bogus which I confirmed in a google search on another computer. I opened up the Ad-Aware software from the "search programs and files" feature on the Start menu. only to get a "Service Unavailable" message and "Adaware not Activated" status. Following suggestions on Google, I cleared my IE browser temporary files to get rid of the bogus error popup messages. I rebooted Win 7. I am still unable to turn on Ad-Aware protection. I still get the "service unavailable" message. The hard drive/fan cycling has settled down. Any ideas? I have the free version of Ad-Aware... should be the latest version (11?) Need info to restore Ad-Aware