ronlee67

Fake popup 268D3 error may have disabled AdAware?


This morning I came to my Win7 desktop PC to find what sounds like the hard drive or perhaps the fan cycling. The computer appeared to operate normally except I got a Windows warning about no security software running. Sure nuff, the Ad-Aware icon was missing from the system tray. By this time IE had loaded and soon after I got a large popup and an audio announcement to the effect that Microsoft had detected malware that was stealing my data and to call a toll-free number. This was clearly bogus, which I confirmed in a Google search on another computer.

I opened up the Ad-Aware software from the "search programs and files" feature on the Start menu, only to get a "Service Unavailable" message and "Adaware not Activated" status.

Following suggestions on Google, I cleared my IE browser temporary files to get rid of the bogus error popup messages. I rebooted Win 7. I am still unable to turn on Ad-Aware protection. I still get the "service unavailable" message. The hard drive/fan cycling has settled down.

Any ideas? I have the free version of Ad-Aware... should be the latest version (11?)

Need info to restore Ad-Aware


More info on this issue:

After clearing the fake error message popup from my desktop (deleted IE temporary files, did end task on several instances in Task Manager) I resumed web browsing.

Shortly after logging into PrizeGrab.com the popups returned. I noticed a URL listed in the Task Manager applications window next to the listing for the offending IE explorer popup windows. That URL is pomonalick.com. I hope Lavasoft can add that to blocked domains.

Ron


Hi Ron,

It seems that you have malware or adware on the computer that has blocked or damaged Ad-Aware. To get help with cleaning your computer, please follow the instructions in the topic Read This Before You Post! and I will move your topic to the forum Help with Stubborn Infections.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017

Ran by Ron (administrator) on SEMICHI (23-02-2017 06:50:50)

Running from C:\Users\Ron\Desktop

Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe

(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe

(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

(Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe

(Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe

() C:\UPS\WSTD\UPSNA1Msgr.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe

() C:\UPS\WSTD\WSTDMessaging.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\calc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)

HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)

HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)

HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22]

ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19]

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30]

ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11]

ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11]

ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)

Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14]

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12]

ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)

Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29]

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12]

ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1


Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {07FD3917-1596-4165-9C39-D78089ED0FD1} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=64107edb000000000000c0c1c06054e4

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3FAA0180-EFBD-4D7E-9EBC-C5E277999B41&ind=2012072513&n=77edca41&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=03F6F03584CC89083BDED950C8082D4F&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {7C560F43-CF86-4D10-BF85-D534839184F1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {831AD50D-2C35-4C64-8FEE-E154A489B122} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =

SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()

BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass)

Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)

Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)

Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File

Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab

DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab

DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC)

Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll [2014-09-23] (Xacti, LLC)


FireFox:

========

FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-23]

FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed]

FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed]

FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-23]

FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2014-08-20]

FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\4luj5tdd.default -> Search the web (Babylon)

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4luj5tdd.default -> blekko

FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php

FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0

FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-02-26] [not signed]

FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2016-04-26]

FF Extension: (Lavasoft Search Plugin) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2012-12-04] [not signed]

FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-05-16] [not signed]

FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-06-20] [not signed]

FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-08-20] [not signed]

FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed]

FF Extension: (Ad-Aware Security Add-on) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-10-08] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19]

FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26}

FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed]

FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)

FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)


Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File

CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)

CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]

CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16]

CHR Extension: (Honey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-22]

CHR Extension: (Tampermonkey) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-02]

CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-09]

CHR Extension: (AVG Safe Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-10-14]

CHR Extension: (SearchLock) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2017-01-31]

CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]

CHR Extension: (Lavasoft NewTab) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-10-16]

CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16]

CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]

CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19]

CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]

CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-09-20]

CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)

S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed]

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)

S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()

S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]

S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)

S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]

S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)

S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)

S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)

R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()

S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed]


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)

S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)

S4 LMIRfsClientNP; no ImagePath

R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)

S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)

S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))

S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation )

R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] ()

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-09-30] (SlimWare Utilities, Inc.)

S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]

S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]

S3 dbx; system32\DRIVERS\dbx.sys [X]

S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-02-23 06:50 - 2017-02-23 06:52 - 00046157 _____ C:\Users\Ron\Desktop\FRST.txt

2017-02-23 06:50 - 2017-02-23 06:50 - 00000000 ____D C:\FRST

2017-02-23 06:49 - 2017-02-23 06:49 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe

2017-02-23 06:23 - 2017-02-23 06:23 - 00000165 ____H C:\Users\Ron\Desktop\~$PRIZEGRAB.xlsx

2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft

2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf

2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies

2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater

2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware

2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx

2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt

2017-02-07 17:15 - 2017-02-07 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2017-02-06 21:38 - 2017-02-06 21:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys

2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys

2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs

2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk

2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk

2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk

2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services

2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm

2017-01-31 21:27 - 2017-01-31 21:27 - 00001792 _____ C:\Users\Public\Desktop\iTunes.lnk

2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes

2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod

2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-02-23 06:49 - 2013-03-15 13:39 - 01000448 ___SH C:\Users\Ron\Desktop\Thumbs.db

2017-02-23 06:29 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2017-02-23 06:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2017-02-23 06:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing

2017-02-23 05:46 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod

2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-02-23 04:51 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-02-22 21:15 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2017-02-22 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor

2017-02-22 15:39 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity

2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro

2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-02-22 09:50 - 2015-09-09 08:50 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job

2017-02-22 09:32 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps

2017-02-22 09:32 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox

2017-02-22 09:30 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive

2017-02-22 09:30 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI

2017-02-22 09:29 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection

2017-02-22 09:26 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2017-02-22 09:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-02-21 03:20 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects

2017-02-21 03:19 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla

2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini

2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI

2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm

2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon

2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS

2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla

2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS

2017-02-16 23:14 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS

2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale

2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk

2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk

2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db

2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon

2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job

2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES

2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017

2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9

2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9

2017-02-07 17:15 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox

2017-02-07 15:22 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla

2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio

2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software

2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite

2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software

2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software

2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google

2017-02-04 18:05 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron

2017-02-03 02:18 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops

2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk

2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death

2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images

2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple

2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2017-01-24 22:00 - 2015-06-24 10:49 - 00000000 ____D C:\TEMP


==================== Files in the root of some directories =======


2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs

2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat

2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm

2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND

2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel

2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg

2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag


Files to move or delete:

====================

C:\Users\Public\pass.dat

C:\Users\Ron\en_res.dll

C:\Users\Ron\es_res.dll

C:\Users\Ron\fr_res.dll

C:\Users\Ron\grm_res.dll

C:\Users\Ron\it_res.dll

C:\Users\Ron\jp_res.dll

C:\Users\Ron\lyrics-finder.exe

C:\Users\Ron\mfc80u.dll

C:\Users\Ron\msvcr80.dll

C:\Users\Ron\PCPE Setup.exe

C:\Users\Ron\pt_res.dll

C:\Users\Ron\ResourceReader.dll

C:\Users\Ron\ripsetup.exe

C:\Users\Ron\ru_res.dll

C:\Users\Ron\zh_res.dll



Some files in TEMP:

====================

2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll

2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe

2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe

2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe

2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-02-22 00:14


==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017

Ran by Ron (23-02-2017 06:53:41)

Running from C:\Users\Ron\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled)

Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access

Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled)

LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron

Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test

UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )

Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.5.0.2 - Lavasoft)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)

Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)

AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com)

Auto Updater 1.2.0.3 (HKLM-x32\...\AutoUpdater_is1) (Version: - )

AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)

Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)

BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)

Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother)

Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother)

Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - )

Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAZzle (HKLM-x32\...\DAZzle) (Version: - )

Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden

DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)

DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)

DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage)

Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)

Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software)

Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)

FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)

Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )

FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)

FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)

FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden

FOSS (x32 Version: 12.50.0000 - UPS) Hidden

Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)

Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)

Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)

Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)

GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)

Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )

Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)

HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)

ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)

iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)

Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)

IP Camera (HKLM-x32\...\IP Camera) (Version: - )

iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC)

LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)

LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)

Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC)

LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)

LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)

MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh)

Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )

Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)

mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com)

MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)

NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden

NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)

NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline)

NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden

Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - )

NRF (x32 Version: 12.00.0000 - UPS) Hidden

NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems)

NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems)

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)

NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )

ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)

OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)

OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook)

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)

PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)

PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden

PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden

PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics)

PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)

PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)

puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN)

puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)

Reconciler (x32 Version: 12.00.0000 - UPS) Hidden

RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)

Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)

ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden

RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)

SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com)

SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden

SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics)

Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)

SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)

StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc)

SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden

System (x32 Version: 12.00.0000 - UPS) Hidden

TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com)

Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio)

Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu)

UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba)

UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION

UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - )

UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS)

UPSDB (x32 Version: 12.00.0000 - UPS) Hidden

UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden

UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden

UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden

Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VuePrint (HKLM-x32\...\VuePrint) (Version: - )

WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden

WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)

WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - )

WorldShip (x32 Version: 12.00.0000 - UPS) Hidden

ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies)

ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File

CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)

Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop

Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst

Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters).

Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe [2012-09-18] ()

Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems)

Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)

Task: {5D634D2E-FFBB-4D93-9563-138AB8F66FB0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNNMCNHMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJ"

Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)

Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)

Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.)

Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall

Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe

Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\

Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()

Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)

Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)

Task: {F16515E8-06F1-4EA1-823C-BB85BCBA892E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ron) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml

Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ron).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co


==================== Loaded Modules (Whitelisted) ==============


2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll

2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll

2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe

2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe

2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe

2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll

2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll

2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll

2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll

2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll

2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll

2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll

2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll

2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL

2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll

2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll

2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll

2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll

2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll

2017-02-07 17:14 - 2017-02-06 21:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll

2015-12-11 17:57 - 2017-01-13 16:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2015-12-11 17:57 - 2017-01-13 16:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2015-12-11 17:57 - 2017-01-13 16:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2015-12-11 17:57 - 2017-02-06 21:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2015-12-11 17:57 - 2017-01-13 16:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2015-12-11 17:57 - 2017-01-13 16:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2017-02-07 17:14 - 2017-01-13 16:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2017-02-07 17:14 - 2017-01-13 16:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd

2017-02-07 17:14 - 2017-01-13 16:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2015-12-11 17:57 - 2017-01-13 16:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2016-08-05 09:54 - 2017-02-06 21:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2017-02-07 17:14 - 2017-01-13 16:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2017-02-07 17:14 - 2017-01-13 16:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2015-12-11 17:57 - 2017-01-13 16:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2015-12-11 17:57 - 2017-02-06 21:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2015-12-11 17:57 - 2017-01-13 16:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2015-12-11 17:57 - 2017-01-13 16:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2015-12-11 17:57 - 2017-01-13 16:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2015-12-11 17:57 - 2017-01-13 16:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2016-08-05 09:54 - 2017-01-13 16:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2015-12-11 17:57 - 2017-01-13 16:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2015-12-11 17:57 - 2017-02-06 21:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2017-01-23 14:00 - 2017-02-06 21:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-01-23 14:00 - 2017-02-06 21:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

2017-01-23 14:00 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2016-02-12 03:03 - 2017-02-06 21:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2017-02-07 17:14 - 2017-01-13 16:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2017-02-07 17:14 - 2017-02-06 21:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2017-02-07 17:14 - 2017-01-13 17:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll

2017-02-07 17:14 - 2017-01-13 17:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

2017-02-07 17:14 - 2017-02-06 21:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

2015-12-11 17:57 - 2017-01-13 16:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd

2016-08-05 09:54 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2017-02-07 17:14 - 2017-02-06 21:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd

2015-11-11 15:11 - 2017-01-13 17:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION


==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com


==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

255.255.255.255 broadcasthost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AgereModemAudio => 2

MSCONFIG\Services: APC Data Service => 2

MSCONFIG\Services: APC UPS Service => 2

MSCONFIG\Services: Apple Mobile Device Service => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: BRA_Scheduler => 2

MSCONFIG\Services: dbupdate => 2

MSCONFIG\Services: dbupdatem => 3

MSCONFIG\Services: DbxSvc => 2

MSCONFIG\Services: GameConsoleService => 3

MSCONFIG\Services: Garmin Device Interaction Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: IDriverT => 3

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: LavasoftAdAwareService11 => 2

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: LMIGuardianSvc => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: nvUpdatusService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: TeamViewer => 2

MSCONFIG\Services: WSWUSB6300 => 2


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE

FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe

FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe

FirewallRules: [UDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe

FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe

FirewallRules: [UDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe

FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe

FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434

FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe

FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe

FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925

FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869

FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900

FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe

FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe

FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe

FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe

FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe

FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726

FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727

FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe

FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe

FirewallRules: [UDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe

FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [UDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe

FirewallRules: [UDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe

FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe

FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe

FirewallRules: [UDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe

FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [UDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe

FirewallRules: [UDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe

FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe

FirewallRules: [UDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe

FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{B94F20FB-6F7B-4827-BED3-B668CEBC1E9E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector


==================== Restore Points =========================


14-02-2017 11:54:42 AA11

22-02-2017 00:21:26 Scheduled Checkpoint

22-02-2017 13:37:41 Windows Update


==================== Faulty Device Manager Devices =============


Name: SBRE

Description: SBRE

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: SBRE

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.


Name: BitDefender Firewall NDIS 6 Filter Driver

Description: BitDefender Firewall NDIS 6 Filter Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: BdfNdisf

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.


Name: bdftdif

Description: bdftdif

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: bdftdif

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.



==================== Event log errors: =========================


Application errors:

==================

Error: (02/22/2017 11:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: e5c


Start Time: 01d28d29392a80a0


Termination Time: 0


Application Path: C:\Program Files\Internet Explorer\iexplore.exe


Report Id:


Error: (02/22/2017 09:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03

Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920

Exception code: 0xc0000005

Fault offset: 0x0010025c

Faulting process id: 0x7b4

Faulting application start time: 0x01d28d28c2cef8f0

Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll

Report Id: 612cfe70-f91c-11e6-8e85-90e6ba591fe0


Error: (02/22/2017 09:26:51 AM) (Source: DbxSvc) (EventID: 320) (User: )

Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


Error: (02/22/2017 09:18:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 3334


Start Time: 01d28d2331c01790


Termination Time: 0


Application Path: C:\Program Files\Internet Explorer\iexplore.exe


Report Id:


Error: (02/20/2017 01:00:01 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


Error: (02/18/2017 10:16:51 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SiteSpinnerProV2.exe version 2.9.2.17 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 1fa0


Start Time: 01d28a549d3c0118


Termination Time: 63


Application Path: C:\Program Files (x86)\Virtual Mechanics\SiteSpinner Pro V2\bin\SiteSpinnerProV2.exe


Report Id: 8e605e59-f662-11e6-8fe7-90e6ba591fe0


Error: (02/17/2017 10:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a

Faulting module name: mspst32.dll_unloaded, version: 0.0.0.0, time stamp: 0x511ab2ea

Exception code: 0xc0000005

Fault offset: 0x6e986515

Faulting process id: 0x2690

Faulting application start time: 0x01d289abe8433810

Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe

Faulting module path: mspst32.dll

Report Id: 50ff13b0-f59f-11e6-8fe7-90e6ba591fe0


Error: (02/16/2017 02:11:49 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: )

Description: Rejected Safe Mode action : Microsoft Office Outlook.


Error: (02/15/2017 12:24:16 PM) (Source: DbxSvc) (EventID: 320) (User: )

Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


Error: (02/14/2017 12:05:16 PM) (Source: DbxSvc) (EventID: 320) (User: )

Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.



System errors:

=============

Error: (02/22/2017 09:28:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.


Error: (02/22/2017 05:25:32 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: Unable to start a DCOM Server: {5F246A9A-A919-11D3-AB60-00C04FA3014E}. The error:

"740"

Happened while starting this command:

C:\Program Files (x86)\Photoshop6.0\Photoshp.exe -Embedding


Error: (02/22/2017 09:46:53 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.


Error: (02/22/2017 09:28:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

and APPID

{344ED43D-D086-4961-86A6-1106F4ACAD9B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (02/22/2017 09:27:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

BdfNdisf

bdftdif

cdrom

SBRE


Error: (02/22/2017 08:50:10 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 40.


Error: (02/21/2017 08:58:01 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.


Error: (02/20/2017 10:12:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.


Error: (02/20/2017 07:17:06 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.


Error: (02/19/2017 05:17:06 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.



CodeIntegrity:

===================================

Date: 2015-08-03 17:53:44.366

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.354

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.337

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.321

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.240

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.233

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.227

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:44.221

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:43.443

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


Date: 2015-08-03 17:53:43.428

Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.



==================== Memory info ===========================


Processor: AMD Athlon II X2 240 Processor

Percentage of memory in use: 83%

Total physical RAM: 3839.3 MB

Available physical RAM: 648.63 MB

Total Virtual: 12837.49 MB

Available Virtual: 8020.92 MB


==================== Drives ================================


Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:251.17 GB) NTFS

Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================

There are several bad search engines and add-ons in the browsers.
Please save AdwCleaner to the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed; copy its content and paste it into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.
There are also left-overs from Ad-Aware version 10 and those can disturb (un)installation of newer versions of Ad-Aware. But we'll take care of them when the adware is gone.
I can't see any service or driver of Ad-Aware 11.

# AdwCleaner v6.043 - Logfile created 23/02/2017 at 23:42:29

# Updated on 27/01/2017 by Malwarebytes

# Database : 2017-02-23.4 [server]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Ron - SEMICHI

# Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe

# Mode: Scan





***** [ Services ] *****


Service Found: swdumon



***** [ Folders ] *****


Folder Found: C:\Users\Ron\AppData\Local\Babylon

Folder Found: C:\Users\Ron\AppData\Local\Conduit

Folder Found: C:\Users\Ron\AppData\Local\PackageAware

Folder Found: C:\Users\Ron\AppData\Local\slimware utilities inc

Folder Found: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc

Folder Found: C:\Users\Ron\AppData\LocalLow\adawaretb

Folder Found: C:\Users\Ron\AppData\LocalLow\Conduit

Folder Found: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar

Folder Found: C:\Users\Ron\AppData\LocalLow\PriceGong

Folder Found: C:\Users\Ron\AppData\Roaming\AdvertismentImages

Folder Found: C:\Users\Ron\AppData\Roaming\Babylon

Folder Found: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater

Folder Found: C:\Users\Employee Access\AppData\LocalLow\adawaretb

Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb

Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar

Folder Found: C:\ProgramData\Auto Updater

Folder Found: C:\ProgramData\blekko toolbars

Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

Folder Found: C:\Users\Public\Documents\Downloaded Installers

Folder Found: C:\Program Files (x86)\adawaretb

Folder Found: C:\Program Files (x86)\Auto Updater

Folder Found: C:\Program Files (x86)\Conduit

Folder Found: C:\Program Files (x86)\Inbox Toolbar

Folder Found: C:\Program Files (x86)\Toolbar Cleaner

Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Folder Found: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\[email protected]

Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole

Folder Found: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol



***** [ Files ] *****


File Found: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml

File Found: C:\Windows\SysNative\drivers\swdumon.sys

File Found: C:\user.js



***** [ DLL ] *****


No malicious DLLs found.



***** [ WMI ] *****


No malicious keys found.



***** [ Shortcuts ] *****


Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk ( /showurl hxxp://www2.inbox.com/faq.aspx )

Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=80105&iwk=318&lng=en )

Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ( /showurl hxxp://www2.inbox.com/settings/settings.aspx?lng=en )



***** [ Scheduled Tasks ] *****


Task Found: SlimCleaner Plus (Scheduled Scan - Ron)

Task Found: SlimCleaner Plus (Scheduled Scan - Ron)



***** [ Registry ] *****


Key Found: HKLM\SOFTWARE\Classes\Toolbar.CT3209604

Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found: HKLM\SOFTWARE\Classes\Inbox.AppServer

Key Found: HKLM\SOFTWARE\Classes\Inbox.IBX404

Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer

Key Found: HKLM\SOFTWARE\Classes\Inbox.JSServer2

Key Found: HKLM\SOFTWARE\Classes\Inbox.Toolbar

Key Found: HKLM\SOFTWARE\Classes\Prod.cap

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer

Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404

Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer

Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2

Key Found: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar

Key Found: [x64] HKLM\SOFTWARE\Classes\Prod.cap

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

Key Found: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

Key Found: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Found: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

Key Found: HKU\.DEFAULT\Software\IGearSettings

Key Found: HKU\.DEFAULT\Software\Auslogics

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong

Key Found: HKU\S-1-5-18\Software\IGearSettings

Key Found: HKU\S-1-5-18\Software\Auslogics

Key Found: HKCU\Software\Inbox Toolbar

Key Found: HKCU\Software\InstallCore

Key Found: HKCU\Software\SlimWare Utilities Inc

Key Found: HKCU\Software\Zugo

Key Found: HKCU\Software\AppDataLow\Software\adawarebp

Key Found: HKCU\Software\AppDataLow\Software\adawaretb

Key Found: HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found: HKCU\Software\AppDataLow\Software\PriceGong

Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

Key Found: HKLM\SOFTWARE\adawaretb

Key Found: HKLM\SOFTWARE\Babylon

Key Found: HKLM\SOFTWARE\Conduit

Key Found: HKLM\SOFTWARE\Freeze.com

Key Found: HKLM\SOFTWARE\Inbox Toolbar

Key Found: HKLM\SOFTWARE\InstallIQ

Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc

Key Found: HKLM\SOFTWARE\Toolbar Cleaner

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Found: [x64] HKCU\Software\Inbox Toolbar

Key Found: [x64] HKCU\Software\InstallCore

Key Found: [x64] HKCU\Software\SlimWare Utilities Inc

Key Found: [x64] HKCU\Software\Zugo

Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp

Key Found: [x64] HKCU\Software\AppDataLow\Software\adawaretb

Key Found: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found: [x64] HKCU\Software\AppDataLow\Software\PriceGong

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

Key Found: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}

Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}

Key Found: HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox

Key Found: HKLM\SOFTWARE\Classes\protocols\handler\inbox

Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole



***** [ Web browsers ] *****


Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.babylon.HPOnNewTab" - "search.babylon.com"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.order.1" - "Search the web (Babylon)"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "browser.search.selectedEngine" - "blekko"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.admin" - false

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.aflt" - "babsst"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babExt" - ""

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.babTrack" - "affID=109930"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.bbDpng" - 30

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.dfltSrch" - false

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.hmpg" - false

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlDay" - "15420"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.instlRef" - "sst"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastDP" - 30

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTab" - true

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.noFFXTlbr" - false

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prdct" - "BabylonToolbar"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.propectorlck" - 92904910

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkDS" - 1

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtkHmpg" - 1

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.prtnrId" - "babylon"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.ptch_0717" - true

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.smplGrp" - "tzb"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.srcExt" - "ss"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.tlbrId" - "tb9"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsn" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar.vrsni" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.aflt" - "babsst"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babExt" - ""

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlDay" - "15420"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.instlRef" - "sst"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTab" - true

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb00000000

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.smplGrp" - "none"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.srcExt" - "ss"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\prefs.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babTrack" - "affID=109930"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.babExt" - ""

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.srcExt" - "ss"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlDay" - "15420"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prtnrId" - "babylon"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.aflt" - "babsst"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.smplGrp" - "none"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.tlbrId" - "tb9"

Firefox pref Found: [C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js] - "extensions.BabylonToolbar_i.instlRef" - "sst"

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com_

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bopakagnckmlgajfccecajhnimjiiedh

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jmfkcklnlgedgbglfkkgedjfmejoahla

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - madakpajlmcpaodhfbekojajlhbdklol

Chrome pref Found: [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oejkcgajlodefenbbjdnaiahmbnnoole


*************************


C:\AdwCleaner\AdwCleaner[s0].txt - [23697 Bytes] - [23/02/2017 23:42:29]


########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23771 Bytes] ##########


A lot to delete there.

If you still use Inbox and Slimware utilities, you probably need to reinstall them afterwards.

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[C0].txt.

 

2. Please, start FRST

Select Addition.txt and then let the program scan the computer.

Attach the two new log files and to do that you need to click on the More Reply Options button first.

 

 

3. Run an online scan with Eset (easiest with Internet Explorer) by following the instruction on http://support.eset.com/kb2921/ .

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats (important due to false positives).

Select:
Scan Archives
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


Sorry it took a few days to locate a usb drive and make a full backup before performing this operation.

 

# AdwCleaner v6.043 - Logfile created 27/02/2017 at 21:19:16
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-28.1 [server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ron - SEMICHI
# Running from : C:\Users\Ron\Desktop\adwcleaner_6.043.exe
# Mode: Clean
***** [ Services ] *****
[-] Service deleted: swdumon
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Ron\AppData\Local\Babylon
[-] Folder deleted: C:\Users\Ron\AppData\Local\Conduit
[-] Folder deleted: C:\Users\Ron\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Ron\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\Ron\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Ron\AppData\LocalLow\adawaretb
[-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Ron\AppData\LocalLow\Inbox Toolbar
[-] Folder deleted: C:\Users\Ron\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\AdvertismentImages
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater
[-] Folder deleted: C:\Users\Employee Access\AppData\LocalLow\adawaretb
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\adawaretb
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Inbox Toolbar
[-] Folder deleted: C:\ProgramData\Auto Updater
[-] Folder deleted: C:\ProgramData\blekko toolbars
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\adawaretb
[-] Folder deleted: C:\Program Files (x86)\Auto Updater
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\Inbox Toolbar
[-] Folder deleted: C:\Program Files (x86)\Toolbar Cleaner
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[-] Folder deleted: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\extensions\[email protected]
[-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
[-] Folder deleted: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
***** [ Files ] *****
[-] File deleted: C:\Users\Ron\AppData\Local\Microsoft\Internet Explorer\DOMStore\IWRI2Z9F\fromdoctopdf.dl.myway[1].xml
[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\user.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
[!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk
[!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk
[!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk
***** [ Scheduled Tasks ] *****
[-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron)
[-] Task deleted: SlimCleaner Plus (Scheduled Scan - Ron)
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3209604
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Key deleted: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.AppServer
[-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.IBX404
[-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer
[-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.JSServer2
[-] Key deleted: HKLM\SOFTWARE\Classes\Inbox.Toolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.AppServer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.IBX404
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.JSServer2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Inbox.Toolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
[-] Key deleted: HKU\.DEFAULT\Software\IGearSettings
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Inbox Toolbar
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\InstallCore
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Zugo
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\adawaretb
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1007\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\AppDataLow\Software\adawaretb
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Inbox Toolbar
[#] Key deleted on reboot: HKCU\Software\InstallCore
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Zugo
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawaretb
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\adawaretb
[-] Key deleted: HKLM\SOFTWARE\Babylon
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Freeze.com
[-] Key deleted: HKLM\SOFTWARE\Inbox Toolbar
[-] Key deleted: HKLM\SOFTWARE\InstallIQ
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Toolbar Cleaner
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[#] Key deleted on reboot: [x64] HKCU\Software\Inbox Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\InstallCore
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\Zugo
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawaretb
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}
[-] Key deleted: HKU\S-1-5-21-1719432816-2042769076-3470656445-1009\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C560F43-CF86-4D10-BF85-D534839184F1}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{831AD50D-2C35-4C64-8FEE-E154A489B122}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07FD3917-1596-4165-9C39-D78089ED0FD1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\inbox
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
***** [ Web browsers ] *****
[-] Chrome preferences cleaned: "browser.babylon.HPOnNewTab" - "search.babylon.com"
[-] Chrome preferences cleaned: "browser.search.order.1" - "Search the web (Babylon)"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" - "blekko"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.admin" - false
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.aflt" - "babsst"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.babExt" - ""
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.babTrack" - "affID=109930"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.bbDpng" - 30
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.dfltSrch" - false
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.hmpg" - false
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.id" - "64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlDay" - "15420"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.instlRef" - "sst"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastDP" - 30
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.lastVrsnTs" - "1.5.3.1721:52:39"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.mntrFFxVrsn" - "17.0"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTab" - true
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.newTabUrl" - "hxxp://search.babylon.com/?babsrc=NT_bb"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.noFFXTlbr" - false
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prdct" - "BabylonToolbar"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.propectorlck" - 92904910
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkDS" - 1
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkHmpg" - 1
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtnrId" - "babylon"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.ptch_0717" - true
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.smplGrp" - "tzb"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.srcExt" - "ss"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.tlbrId" - "tb9"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsn" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsnTs" - "1.5.3.1721:52:39"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.vrsni" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - ""
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTab" - true
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.newTabUrl" - "hxxp://search.babylon.com/?AF=109930&babsrc=NT_ss&mntrId=64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babTrack" - "affID=109930"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.babExt" - ""
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.id" - "64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.hardId" - "64107edb000000000000c0c1c06054e4"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlDay" - "15420"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1721:52:39"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.tlbrId" - "tb9"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar_i.instlRef" - "sst"
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com_
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jmfkcklnlgedgbglfkkgedjfmejoahla
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: madakpajlmcpaodhfbekojajlhbdklol
[-] [C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oejkcgajlodefenbbjdnaiahmbnnoole
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [20679 Bytes] - [27/02/2017 21:19:16]
C:\AdwCleaner\AdwCleaner[s0].txt - [23967 Bytes] - [23/02/2017 23:42:29]
C:\AdwCleaner\AdwCleaner[s1].txt - [24503 Bytes] - [27/02/2017 21:14:10]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20901 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Ron (administrator) on SEMICHI (27-02-2017 21:34:36)
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(File Type Advisor) C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google) C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Tethys Solutions, LLC) C:\Program Files (x86)\Launch-n-Go\HotKey.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
() C:\UPS\WSTD\WSTDMessaging.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2016-03-26] (Apple Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-01] (Google Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [googletalk] => C:\Users\Ron\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eM Client] => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [eFax 4.4] => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-19] (Siber Systems)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {b0312b54-e9fc-11e4-beed-90e6ba591fe0} - F:\autorun.exe
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6d99-6036-11e2-bea1-90e6ba591fe0} - F:\iStudio.exe
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\MountPoints2: {ecfc6fce-6036-11e2-bea1-90e6ba591fe0} - F:\iLinker.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-02-22]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-06-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch-n-Go Hotkeys.lnk [2010-04-30]
ShortcutTarget: Launch-n-Go Hotkeys.lnk -> C:\Program Files (x86)\Launch-n-Go\HotKey.exe (Tethys Solutions, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-12]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2010-03-11]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2010-03-11]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
Startup: C:\Users\Employee Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-11-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2012-07-12]
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk [2016-09-12]
ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0E97319C-1499-443F-8DA1-F948B1EEF128}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{54A572E2-5771-4B92-B793-AB9A69B0E820}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EC8C1B85-DABD-4F8E-B5DF-520CE2B95ECA}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL =
SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-06-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-06-19] (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-19] (Siber Systems Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-06-19] (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-19] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1074
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default [2017-02-27]
FF Extension: (ChatZilla) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-04-22] [not signed]
FF Extension: (JavaScript Debugger) - C:\Users\Ron\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6k0syyf3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-10-01] [not signed]
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default [2017-02-27]
FF user.js: detected! => C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\user.js [2017-02-27]
FF Homepage: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxps://www.aspenshopsonline.com/a_1419control/login.php
FF Keyword.URL: Mozilla\Firefox\Profiles\4luj5tdd.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\4luj5tdd.default -> type", 0
FF Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-02-26] [not signed]
FF Extension: (SaveFrom.net - helper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2016-04-26]
FF Extension: (Add Google Search To New Tab Page) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-05-16] [not signed]
FF Extension: (AmazonSmile 1Button for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-06-20] [not signed]
FF Extension: (LastPass) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\[email protected] [2014-08-20] [not signed]
FF Extension: (DNS Flusher) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\4luj5tdd.default\Extensions\{7d575baa-b543-11dc-8314-0800200c9a66}.xpi [2014-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-19]
FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{D8555115-7DE9-11E1-826D-B8AC6F996F26}] - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26}
FF Extension: (Translate This!) - C:\Users\Ron\AppData\Local\{D8555115-7DE9-11E1-826D-B8AC6F996F26} [2012-04-03] [not signed]
FF HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1719432816-2042769076-3470656445-1001: SkypePlugin64 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2017-02-27]
CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-04-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-24]
CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Extension: (RoboForm Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-02-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]
CHR HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-06-19]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2015-01-14] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-06] (CACE Technologies)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation )
R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] ()
S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Users\Ron\Desktop\FRST-OlderVersion
2017-02-27 21:32 - 2017-02-27 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-25 22:50 - 2017-02-25 22:50 - 00000000 ____D C:\Users\Public\Obituary
2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Launch-n-Go
2017-02-25 22:33 - 2017-02-25 22:33 - 00000000 ____D C:\Users\Ron\Instructiion Manuals
2017-02-25 22:32 - 2017-02-25 22:32 - 00000000 ____D C:\Users\Ron\Family Documents
2017-02-25 22:26 - 2017-02-25 22:27 - 00000000 ____D C:\Users\Ron\Desktop\signature images
2017-02-25 22:25 - 2017-02-25 22:25 - 00000000 ____D C:\Users\Ron\Farm
2017-02-25 22:22 - 2017-02-25 22:22 - 00001630 _____ C:\Users\Ron\Software licenses for GreatSitkin.txt
2017-02-25 19:29 - 2017-02-25 19:30 - 00000118 _____ C:\Users\Ron\Desktop\2017 BGAS POLL.txt
2017-02-25 17:20 - 2017-02-25 17:20 - 06971584 _____ (Tim Kosse) C:\Users\Ron\Downloads\FileZilla_3.24.1_win64-setup.exe
2017-02-24 15:48 - 2017-02-24 15:48 - 00000000 ____D C:\Users\Test\AppData\Local\ElevatedDiagnostics
2017-02-24 15:32 - 2017-02-24 15:32 - 00000000 ____D C:\Users\Employee Access\AppData\Roaming\Sun
2017-02-24 15:28 - 2017-02-24 15:29 - 00000000 ____D C:\Users\Employee Access\AppData\Local\Dropbox
2017-02-24 15:14 - 2017-02-24 15:14 - 00101580 _____ C:\Windows\ntbtlog.txt
2017-02-24 00:08 - 2017-02-24 00:10 - 00000000 ____D C:\brodnt
2017-02-23 23:40 - 2017-02-27 21:19 - 00000000 ____D C:\AdwCleaner
2017-02-23 23:36 - 2017-02-23 23:36 - 04015056 _____ C:\Users\Ron\Desktop\adwcleaner_6.043.exe
2017-02-23 06:53 - 2017-02-23 06:55 - 00081564 _____ C:\Users\Ron\Desktop\Addition.txt
2017-02-23 06:50 - 2017-02-27 21:37 - 00041570 _____ C:\Users\Ron\Desktop\FRST.txt
2017-02-23 06:50 - 2017-02-27 21:34 - 00000000 ____D C:\FRST
2017-02-23 06:49 - 2017-02-27 21:33 - 02423296 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2017-02-22 09:00 - 2017-02-22 09:00 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 11:49 - 2017-02-21 11:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-18 19:20 - 2017-02-18 19:20 - 00000321 _____ C:\Users\Ron\Downloads\Buffalo_Grass_Acoustic_Society.vcf
2017-02-16 23:26 - 2017-02-17 15:34 - 00000000 ____D C:\Users\Ron\Desktop\BGAS dailies
2017-02-14 11:57 - 2017-02-14 11:57 - 00000000 ____D C:\Users\Ron\AppData\Local\AdAwareUpdater
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\adaware
2017-02-12 20:33 - 2017-02-23 06:31 - 00010250 _____ C:\Users\Ron\Desktop\PRIZEGRAB.xlsx
2017-02-10 08:59 - 2017-02-10 08:59 - 00000055 _____ C:\Users\Ron\Desktop\Brad birthday ideas.txt
2017-02-09 01:33 - 2017-02-09 01:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 01:33 - 2017-02-09 01:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-05 20:03 - 2017-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-02-05 20:02 - 2017-02-05 20:02 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-02-05 20:02 - 2017-02-05 20:02 - 00001153 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2017-02-04 21:31 - 2017-02-04 21:31 - 00002183 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-04 21:31 - 2017-02-04 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-01 13:03 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Ron\Desktop\UPS Print Services
2017-02-01 11:31 - 2017-02-01 11:31 - 00004096 ____H C:\Users\Ron\AppData\Local\keyfile3.drm
2017-01-31 21:27 - 2017-01-31 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-31 21:25 - 2017-01-31 21:27 - 00000000 ____D C:\Program Files\iTunes
2017-01-31 21:25 - 2017-01-31 21:25 - 00000000 ____D C:\Program Files\iPod
2017-01-31 21:19 - 2017-01-31 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-27 21:34 - 2016-07-14 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\4B746940-4173-44A8-928A-9477EFAB0062.aplzod
2017-02-27 21:33 - 2013-02-21 19:02 - 00000000 ___RD C:\Users\Ron\Dropbox
2017-02-27 21:32 - 2015-10-08 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-27 21:30 - 2012-05-11 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-27 21:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2017-02-27 21:27 - 2016-07-14 23:38 - 00000000 ___RD C:\Users\Ron\iCloudDrive
2017-02-27 21:27 - 2015-05-05 03:28 - 00000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2017-02-27 21:23 - 2012-07-23 13:04 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2017-02-27 21:22 - 2015-10-08 20:50 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-27 21:22 - 2011-09-17 15:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-27 21:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 21:21 - 2012-05-08 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-27 21:15 - 2015-10-08 20:50 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-27 20:35 - 2016-12-03 20:35 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileAdvisor
2017-02-27 14:17 - 2017-01-05 14:50 - 00000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla
2017-02-27 14:17 - 2016-08-23 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 13:43 - 2016-09-27 17:38 - 00000000 ____D C:\Users\Ron\Desktop\a-KCEG UPLOADS
2017-02-27 13:05 - 2016-03-20 21:39 - 00000000 ____D C:\Users\Ron\My IMS Projects
2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 04:15 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-26 23:59 - 2011-07-24 12:36 - 00000000 ____D C:\Users\Ron\AppData\Roaming\FileZilla
2017-02-26 19:00 - 2009-07-13 22:13 - 00857162 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-26 19:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-02-25 23:24 - 2015-08-07 11:26 - 00000000 ____D C:\MANUALS
2017-02-25 22:35 - 2015-08-01 18:17 - 00000000 ____D C:\Users\Ron\MEDICAL-HEALTH
2017-02-25 22:33 - 2010-01-27 01:03 - 00000000 ___RD C:\Users\Ron
2017-02-25 22:26 - 2013-03-15 13:39 - 01013248 ___SH C:\Users\Ron\Desktop\Thumbs.db
2017-02-25 22:26 - 2010-03-11 11:01 - 00000000 ____D C:\UPS
2017-02-24 15:50 - 2010-03-11 11:10 - 00000199 _____ C:\Windows\wstdUPSWSHIP.INI
2017-02-24 15:28 - 2013-11-14 17:44 - 00095744 _____ C:\Users\Employee Access\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-24 03:09 - 2013-07-21 02:01 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:02 - 2010-02-22 07:35 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 23:01 - 2014-09-28 18:19 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Audacity
2017-02-23 12:29 - 2016-03-28 23:02 - 00000000 ____D C:\Users\Ron\Aspen Shops
2017-02-23 08:13 - 2010-03-12 12:48 - 00000000 ____D C:\Users\Ron\AppData\Local\ElevatedDiagnostics
2017-02-23 08:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-23 07:13 - 2010-03-12 12:09 - 00000000 ____D C:\Program Files (x86)\Passkeeper
2017-02-22 15:27 - 2016-12-02 20:03 - 00000000 ____D C:\Users\Ron\AppData\Roaming\mp3tagpro
2017-02-22 13:13 - 2016-02-20 12:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 22:16 - 2010-03-12 12:55 - 00001082 _____ C:\Windows\Brpfx04a.ini
2017-02-19 22:15 - 2010-02-22 10:34 - 00000466 _____ C:\Windows\BRWMARK.INI
2017-02-19 12:41 - 2011-06-16 20:23 - 00004104 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2017-02-19 12:41 - 2011-03-16 22:53 - 00003486 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2017-02-19 12:33 - 2011-12-16 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-02-17 22:36 - 2016-02-21 01:05 - 00000000 ____D C:\Users\Ron\Desktop\TEMPORARY PICS
2017-02-17 13:20 - 2017-01-06 14:16 - 00000000 ____D C:\Users\Ron\AppData\Local\FileZilla
2017-02-16 23:26 - 2014-02-21 00:01 - 00000000 ____D C:\Users\Ron\BGAS
2017-02-16 14:11 - 2015-08-21 21:11 - 00000000 ____D C:\Users\Ron\Wilks Home Sale
2017-02-11 19:17 - 2016-06-05 23:41 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-11 19:12 - 2013-02-21 19:02 - 00001269 _____ C:\Users\Ron\Desktop\Dropbox.lnk
2017-02-10 19:55 - 2013-09-09 06:58 - 00268288 ___SH C:\Users\Ron\Thumbs.db
2017-02-09 15:29 - 2010-11-19 11:32 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRon
2017-02-09 15:29 - 2010-11-19 11:32 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRon.job
2017-02-09 15:27 - 2013-07-26 19:45 - 00000000 ____D C:\BGAS WEBFILES
2017-02-08 13:06 - 2017-01-08 00:52 - 00000000 ____D C:\Users\Ron\Desktop\SCRIPTS 2017
2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3Tag Pro 9
2017-02-08 01:35 - 2016-12-02 20:03 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 9
2017-02-06 13:31 - 2010-04-06 17:27 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 20:11 - 2016-12-02 20:50 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-02-05 20:03 - 2016-12-08 02:15 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Free YouTube to MP3 Converter Studio
2017-02-05 20:03 - 2016-12-02 20:50 - 00000000 ____D C:\ProgramData\NCH Software
2017-02-05 20:03 - 2016-12-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-02-05 20:02 - 2011-09-29 09:10 - 00000000 ____D C:\Users\Ron\AppData\Roaming\NCH Software
2017-02-05 20:02 - 2010-04-07 17:40 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-02-04 21:31 - 2010-04-01 20:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-02 13:44 - 2016-01-08 00:32 - 00002136 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2017-02-02 13:44 - 2011-07-24 12:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-02-02 02:20 - 2016-11-10 14:12 - 00000000 ____D C:\Users\Ron\Desktop\Linda - health-death
2017-02-01 13:11 - 2016-08-31 10:34 - 00000000 ____D C:\Users\Ron\Desktop\Jam Poster images
2017-01-31 21:25 - 2012-05-17 20:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-31 10:00 - 2010-02-21 21:18 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
==================== Files in the root of some directories =======
2013-01-19 00:09 - 2013-01-19 00:10 - 0031126 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2013-06-19 22:54 - 2013-06-19 22:54 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-31 23:20 - 2016-04-18 20:14 - 0601088 _____ () C:\Users\Ron\AppData\Roaming\SharedSettings.ccs
2010-03-12 13:17 - 2014-11-05 20:43 - 0000258 _____ () C:\Users\Ron\AppData\Roaming\wklnhst.dat
2013-01-19 16:46 - 2016-10-21 12:45 - 0114176 _____ () C:\Users\Ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-01 11:31 - 2017-02-01 11:31 - 0004096 ____H () C:\Users\Ron\AppData\Local\keyfile3.drm
2011-07-12 04:35 - 2013-09-08 23:15 - 0000600 _____ () C:\Users\Ron\AppData\Local\PUTTY.RND
2016-10-12 13:06 - 2016-10-12 13:06 - 0000837 _____ () C:\Users\Ron\AppData\Local\recently-used.xbel
2010-03-19 07:32 - 2016-09-29 21:09 - 0007606 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg
2011-02-13 22:09 - 2011-02-13 22:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag
Files to move or delete:
====================
C:\Users\Public\pass.dat
C:\Users\Ron\en_res.dll
C:\Users\Ron\es_res.dll
C:\Users\Ron\fr_res.dll
C:\Users\Ron\grm_res.dll
C:\Users\Ron\it_res.dll
C:\Users\Ron\jp_res.dll
C:\Users\Ron\lyrics-finder.exe
C:\Users\Ron\mfc80u.dll
C:\Users\Ron\msvcr80.dll
C:\Users\Ron\PCPE Setup.exe
C:\Users\Ron\pt_res.dll
C:\Users\Ron\ResourceReader.dll
C:\Users\Ron\ripsetup.exe
C:\Users\Ron\ru_res.dll
C:\Users\Ron\zh_res.dll
Some files in TEMP:
====================
2013-11-29 18:48 - 2013-11-29 18:48 - 0000000 _____ () C:\Users\Employee Access\AppData\Local\Temp\c3bty7qd.dll
2016-12-02 20:50 - 2016-12-02 20:50 - 0875792 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\burnsetup.exe
2017-02-05 20:02 - 2017-02-05 20:02 - 1681656 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\debutsetup.exe
2016-12-16 19:17 - 2017-02-19 12:32 - 21360360 _____ (Siber Systems) C:\Users\Ron\AppData\Local\Temp\RoboForm-Setup.exe
2016-12-02 20:50 - 2016-12-02 20:50 - 0727784 _____ (NCH Software) C:\Users\Ron\AppData\Local\Temp\rpsetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-22 00:14\
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Ron (27-02-2017 21:38:43)
Running from C:\Users\Ron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-27 08:03:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1719432816-2042769076-3470656445-500 - Administrator - Disabled)
Employee Access (S-1-5-21-1719432816-2042769076-3470656445-1009 - Limited - Enabled) => C:\Users\Employee Access
Guest (S-1-5-21-1719432816-2042769076-3470656445-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1719432816-2042769076-3470656445-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1719432816-2042769076-3470656445-1006 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Ron (S-1-5-21-1719432816-2042769076-3470656445-1001 - Administrator - Enabled) => C:\Users\Ron
Test (S-1-5-21-1719432816-2042769076-3470656445-1007 - Administrator - Enabled) => C:\Users\Test
UpdatusUser (S-1-5-21-1719432816-2042769076-3470656445-1008 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioConverter Studio 9.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BitTorrent (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blueberry PDF Form Filler (x32 Version: 1.0.0.89 - Blueberry Consultants) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.58.0003 - Brother)
Brother HL-4040CDN (HKLM-x32\...\{341F242E-90A8-471E-A72B-4306040E5416}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCC (x32 Version: 12.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - )
Crimson Editor SVN286 (HKLM-x32\...\Crimson Editor SVN286) (Version: SVN286 - Emerald Editor Community)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZzle (HKLM-x32\...\DAZzle) (Version: - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 4.0 - Endicia Internet Postage)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.15 - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
FastStone Image Viewer 4.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
FormsComponent (x32 Version: 12.00.0000 - UPS) Hidden
FOSS (x32 Version: 12.50.0000 - UPS) Hidden
Free M4a to MP3 Converter 9.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube to MP3 Converter Studio 9.0 (HKLM-x32\...\Free YouTube to MP3 Converter Studio_is1) (Version: - mediaprolab.com)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.4.3.3 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Talk (remove only) (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Media Vault Pro (HKLM-x32\...\{01ACF590-90FE-43EE-906E-EC051D587CA8}) (Version: 1.2.1.16218 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.3 - Hewlett-Packard Company)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
IP Camera (HKLM-x32\...\IP Camera) (Version: - )
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Korean Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launch-n-Go (HKLM-x32\...\{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}) (Version: 2.0 - Tethys Solutions, LLC)
LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Linksys Dual Band Wireless-AC USB Adapter (HKLM-x32\...\{C094F1A2-5EDF-4550-AE67-5FC1F4D2186F}) (Version: 1.0.0.22 - Linksys LLC)
LogMeIn (HKLM-x32\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
MAMP & MAMP PRO version 3.2.2 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.2 - appsolute Gmbh)
Mega Video Converter 2.2 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Access 2003 (HKLM-x32\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version: - ManiacTools.com)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
NA1Messenger (x32 Version: 12.00.6000 - Your Company Name) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)
NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 2.0.0.6 - NETGEAR Powerline)
NETGEAR Powerline Utility (x32 Version: 2.0.0.6 - NETGEAR Powerline) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.5 - )
NRF (x32 Version: 12.00.0000 - UPS) Hidden
NTI DriveBackup! 4 (HKLM-x32\...\{651DF20A-B6D8-4C7A-BBD8-EBC5FC7CF1C1}) (Version: 4.8.35.0 - NewTech Infosystems)
NTI Shadow 3 (HKLM-x32\...\{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}) (Version: 3.8.2.59 - NewTech Infosystems)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OutlookTempCleaner (HKLM-x32\...\{6CBD7BE6-D9C7-4856-9B40-8C67037D1A72}) (Version: 1.2.0 - HowTo-Outlook)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)
PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PolicyManager (x32 Version: 12.00.0000 - UPS) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.2.2.37876 - PreSonus Audio Electronics)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
puzzle.watype.net/jigsawlite (HKLM-x32\...\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1) (Version: 0.18.2.20 - UNKNOWN)
puzzle.watype.net/jigsawlite (x32 Version: 0.18.2 - UNKNOWN) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 12.00.0000 - UPS) Hidden
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.35 - NCH Software)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
ReportServer (x32 Version: 12.00.0000 - Your Company Name) Hidden
RoboForm 7-9-27-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-27-7 - Siber Systems)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
SecureTunnel Private Network (HKLM-x32\...\SecureTunnel Private Network 2.9.0) (Version: 2.9.0 - SecureTunnel.com)
SecureTunnel Private Network (x32 Version: 2.9.0 - SecureTunnel.com) Hidden
SiteSpinner Pro V2 (HKLM-x32\...\{8F2F5883-646E-472E-85B9-BBE5D6F37803}) (Version: 2.92.17 - Virtual Mechanics)
Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)
StormPredator 3.6 (HKLM-x32\...\StormPredator_3.31) (Version: 3.6 - IntelliWeather, Inc)
SupportUtility (x32 Version: 12.00.0000 - Your Company Name) Hidden
System (x32 Version: 12.00.0000 - UPS) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
the LATEST VERSION OF THE GVJACKAPP (HKLM-x32\...\{GVJackAppUpdate-94F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1) (Version: - PCPhoneSoft.com)
Tracks Live (HKLM\...\{7CDFC114-1808-4C24-B69C-9EE265F890FC}) (Version: 1.2 - Waves Audio)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.5 - uvnc bvba)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.3 - ) <==== ATTENTION
UnifiedPrinting (x32 Version: 12.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version: - )
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 12.0 - UPS)
UPSDB (x32 Version: 12.00.0000 - UPS) Hidden
UPSICC (x32 Version: 1.0.0.16 - UPS) Hidden
UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VuePrint (HKLM-x32\...\VuePrint) (Version: - )
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WMA 9 Lossless to PCM Conversion Tool (HKLM-x32\...\wmal2pcm) (Version: - )
WorldShip (x32 Version: 12.00.0000 - UPS) Hidden
ZebraNet Bridge 1_3_3 (HKLM-x32\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies)
ZyXEL PLA Series Utility (HKLM-x32\...\{65FB8889-07CF-4ECC-859D-927EA587A7C1}) (Version: 7.00.0004 - ZyXEL Communications Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Ron\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {018C8B41-7568-41E9-9B06-8F5E9EB86F21} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)
Task: {0C45D057-3956-401D-9F80-E63391787284} - System32\Tasks\{DA0A0907-C0AE-4D7F-B317-61412A8F56F3} => pcalua.exe -a C:\Users\Ron\Desktop\setup.exe -d C:\Users\Ron\Desktop
Task: {171EE4DF-0493-4CC0-A7E8-2C358D3D75E6} - System32\Tasks\{2CC58E79-14EC-4202-A6C7-D9D05FF2D1F7} => pcalua.exe -a C:\brodnt\HL-2170W\install\usa\inst\setup.exe -d C:\brodnt\HL-2170W\install\usa\inst
Task: {1B617820-169F-4EFE-827B-E04640DD2476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1F7B9E04-3B56-42B4-9043-34B84CC81787} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNGMCNNMIMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMOMLMJMJNHICMMJBJKJLIMJJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMH (the data entry has 44 more characters).
Task: {35DE0D53-566B-4257-BEBD-8B51A6614734} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe
Task: {38CA567C-8D38-43E6-B376-9AF18BB37898} - System32\Tasks\{526058CB-A3FC-4B49-9384-E0C6BE1A8B2D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {45E20403-D863-4A27-A7BA-BF5249F92389} - System32\Tasks\{3541A9E2-1605-4FAD-8F96-438748432F9D} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {4C8D2E40-464C-44E8-83FA-51C607B604CE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-19] (Siber Systems)
Task: {4FD35115-73D5-4D26-B767-FBC93DD15F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {58C0C529-BC37-4337-B0A0-C08B2F5FAF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5A3CEBFD-A8F0-4858-9E07-7E5249B5E4C3} - System32\Tasks\HPCeeScheduleForRon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {5D634D2E-FFBB-4D93-9563-138AB8F66FB0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJHMLJMMPMKJKMIMCNIMMJKJIMCNLMMJPMLJCNHMKJGMKMCNJMNMJMLJLJLJNJLJJJNJPMPMJNJICMIMCNNMCNHMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNKAJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {68F6F88A-2670-4CF5-BFFF-2BFFFD14F2A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001UA => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {7078C9F7-1CC5-4BD6-B8A0-26C5241F6879} - System32\Tasks\{9CFD2462-2C82-4C34-B8B5-EB1925AA4EBA} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {7CF7CFB7-D44C-46BB-B50B-297DF727E8D6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {7FC36B8F-7346-4E96-A201-FCB59358456C} - System32\Tasks\{280F04D4-7E1E-4FFB-8BA1-B9C9DF95ED4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-12-29] (Skype Technologies S.A.)
Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {8FBDA4A1-2911-4DA6-8505-2E6C550E3071} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {9E191FCE-73EA-4502-8B5B-589C3880DF87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {9EFA47FE-7763-46CB-B61B-85A5BEB2778E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\
Task: {D3F54BCA-642F-4313-84B8-40C3C67C730D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {E8025BB0-CA5C-474B-9310-02A9A80C789C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1719432816-2042769076-3470656445-1001Core => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {E94BAD03-5685-4E6D-B696-EA09F280530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {EEDEE430-FBEC-4D69-B2A5-C0A9BA413A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {F52D2128-CD63-4D46-9204-4470FEE35DD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe 5-fh scripts\monthly.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ron\images\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-08-04 23:07 - 2008-08-04 23:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2010-03-24 23:13 - 2009-07-30 18:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2011-06-18 14:27 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-12 12:54 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2017-01-13 12:10 - 2017-01-13 12:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-16 06:54 - 2012-10-16 06:54 - 01041736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
2009-12-01 21:39 - 2011-03-09 01:49 - 00422912 _____ () C:\UPS\WSTD\WSTDMessaging.exe
2012-09-24 23:06 - 2012-09-24 23:06 - 00122696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2012-05-10 23:24 - 2012-05-10 23:24 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2012-05-09 19:34 - 2012-05-09 19:34 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2012-05-09 19:34 - 2012-05-09 19:34 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00478720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01553408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00229888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01062400 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2012-10-16 18:41 - 2012-10-16 18:41 - 03775488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00500736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01132032 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 08295424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 01188352 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00088064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00920064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2012-05-10 23:24 - 2012-05-10 23:24 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-09-24 23:06 - 2012-09-24 23:06 - 01233389 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00082432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2012-10-11 17:57 - 2012-10-11 17:57 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00702464 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00504832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2012-10-11 17:57 - 2012-10-11 17:57 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
2010-03-12 12:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-01 13:39 - 2016-06-01 13:39 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-06-01 13:39 - 2016-06-01 13:39 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2017-02-06 13:30 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 13:30 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-27 21:31 - 2017-02-21 11:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2015-12-11 17:57 - 2017-01-25 14:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-11 17:57 - 2017-01-25 14:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 17:57 - 2017-01-25 14:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 17:57 - 2017-02-21 12:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 17:57 - 2017-01-25 14:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:57 - 2017-01-25 14:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-27 21:31 - 2017-01-25 14:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-27 21:31 - 2017-01-25 14:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-27 21:31 - 2017-01-25 14:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 17:57 - 2017-01-25 14:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 09:54 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-27 21:31 - 2017-01-25 14:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-27 21:31 - 2017-01-25 14:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 17:57 - 2017-02-21 12:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 09:54 - 2017-01-25 14:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 17:57 - 2017-01-25 14:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-27 21:32 - 2017-02-21 12:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-11 17:57 - 2017-02-21 12:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 14:00 - 2017-02-21 12:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 14:00 - 2017-02-21 12:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 14:00 - 2017-02-21 12:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 03:03 - 2017-02-21 12:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-27 21:31 - 2017-01-25 14:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-27 21:31 - 2017-02-21 12:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-27 21:31 - 2017-01-25 14:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-27 21:31 - 2017-01-25 14:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-27 21:31 - 2017-02-21 12:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-11 17:57 - 2017-01-25 14:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-05 09:54 - 2017-02-21 12:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-27 21:31 - 2017-02-21 12:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.exe: => <===== ATTENTION
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.scr: => <===== ATTENTION
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.bat: => <===== ATTENTION
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.com: => <===== ATTENTION
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.cmd: => <===== ATTENTION
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Classes\.reg: => <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\member-data.com -> hxxps://www.member-data.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-04-26 20:36 - 2013-08-22 14:56 - 00000410 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
255.255.255.255 broadcasthost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: APC Data Service => 2
MSCONFIG\Services: APC UPS Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRA_Scheduler => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WSWUSB6300 => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{04CFBCA5-D46F-4261-AF05-054C15FEA067}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CF3F4ACC-ECD5-462C-B096-B9AA9AD48612}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02BE86F2-D561-42A0-AFF3-F123A0B12779}] => (Allow) svchost.exe
FirewallRules: [{FA059FB8-007D-4D10-A57C-CC0DC49699D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{96E0F301-D6AF-4D3D-B7B4-9CB51499FA9B}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe
FirewallRules: [UDP Query User{D4E22FA9-D054-4F1C-8CE2-34EEFB651F6C}C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\hpmvtray.exe
FirewallRules: [TCP Query User{53F41E42-E181-4A21-9590-E46DB8A5A190}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe
FirewallRules: [UDP Query User{745AB414-2463-4574-B036-8EFA75FBFA22}C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp media vault pro\nascfg.exe
FirewallRules: [{A5CA82CD-A30D-4D0D-BC53-AFDFF78FDE3B}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{B3EA48C0-18EF-460F-8101-8B0AF4C13CA8}] => (Allow) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{EBAF833E-9F01-4B24-99B2-EF4647509BA3}] => (Allow) LPort=1434
FirewallRules: [{E4120D3E-A9C6-4892-B966-264C6BC48A67}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{9899B5CC-1AC4-4253-B36C-D2A27E7D796B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{77F7158E-CEF0-41E4-BEA6-CF042B55A7BA}] => (Allow) LPort=54925
FirewallRules: [{F9AC21CC-ABFB-46E9-9142-C422AD900BD8}] => (Allow) LPort=2869
FirewallRules: [{AF9F98ED-72A3-4D41-BEE5-9A5921F0D6C8}] => (Allow) LPort=1900
FirewallRules: [{121C20F9-71F5-4E8F-BD65-86309D27865E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{C845D225-7045-4CB8-AAF6-4C19AE653FA6}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{41C7AE45-BAD3-4A6F-AFC4-5CC0FF1510C7}] => (Allow) LPort=24726
FirewallRules: [{96402590-1298-4881-846A-F7EB65EF211B}] => (Allow) LPort=24727
FirewallRules: [{CF4E4349-0AFF-4356-93E1-178C84805906}] => (Allow) svchost.exe
FirewallRules: [{EAA09862-6215-482A-B8A2-A6C7C83F23AC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{B249BE15-7982-4ACA-8447-C4F896C7997D}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [UDP Query User{BF8F1B0C-8CD1-48B1-A22A-777DF22F1B88}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [TCP Query User{22FF9D9F-11F8-499A-8B51-A68B23F4DC03}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{94364BE9-2099-4CE7-BFEF-F83A8B6B1DFC}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{FF22984D-FC8C-4728-B939-96B73E0276A9}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe
FirewallRules: [UDP Query User{1006FE27-8BC6-4D74-BA72-A5BF703774BF}C:\program files (x86)\samsung\intelli-studio\istudio.exe] => (Block) C:\program files (x86)\samsung\intelli-studio\istudio.exe
FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{0C5953A3-404B-48CF-AC3D-36B2F74079C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{65AEBF1F-2B29-4B47-AE8E-3D653EAFF55C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E4E747B7-FA5C-453E-B4DD-B9F7272188D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C624922B-2A83-496A-B626-D0B3AD93FC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE027B55-E711-4D09-97BA-B103C7238FF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB32C7CE-C687-4FF6-B3EB-B615F6A381DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0F9D9F04-614F-4A7E-958A-59F422F756D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B3071DE-6D84-4271-B303-770B2C3D3B39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{91BD0D73-8E06-4F8F-93F5-205738B06BCA}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{2902C0CE-9285-498E-ACCB-3B3FAE66530E}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{E36AFE51-4C82-4EDA-B626-F17326893986}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{1B7919B3-BEBB-421C-9019-7CCE21C37F8A}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{727E9DD5-A32C-418E-9C18-3C88F0D5B27C}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{DD32FDDC-EE86-46F5-A917-5D1494C338E7}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{63E501F5-CBD5-458C-94FF-97F93EF55289}] => (Allow) C:\Users\Ron\AppData\Local\GVJackApp\GVJackApp.exe
FirewallRules: [{109A1587-7F54-49AC-97B6-A677BACF145D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{34D57141-8198-452A-8C4C-545989FE1BCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{57019B5F-F3C3-4987-83D0-20078E3E80CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6C809256-F108-4F94-94DB-6C37A8407BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5E2B95F8-5265-4AAF-8A6D-05F7ADEB4C0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53D9A3E1-C3C9-4047-B990-E8643367EE8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E09EE821-C50D-4C5A-B645-C4D5B95CB311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC13EABF-79A6-40EB-8457-9BB3AA57130F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC33304A-89A8-477B-9766-EAFC22B367FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA2DAC2C-6E7B-4EF7-B306-554D8B3D161D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{234154C8-8698-482D-BDF4-9DD665CB03E2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6FE39A68-60CC-4A90-9993-6642BCB6FA83}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9644C4AA-1CDB-43E5-AC42-1B991B935B3D}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{08A19798-139F-46E4-82B4-27E6161ED1BC}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FFAFD776-7CF2-4644-9B06-F40778DADA97}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EF9903A1-EB6D-46EA-B231-8E2EF08169F5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{98DED0C1-5934-4C91-BC20-DA050893EDA5}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F429B5AF-9034-4A9B-98EA-B0A9F8DB2377}] => (Allow) C:\Users\Ron\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{58829809-6052-4801-9F84-F51F3DB7D882}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6211E949-E850-4C49-8FF8-3A28FAD9A819}C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\zebralink\zebranet bridge\jre\bin\javaw.exe
FirewallRules: [TCP Query User{63F4F807-1D24-442A-94BC-39FF19A77785}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{3F1C97F7-306F-4F22-947D-2303C282BF62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{A4285092-38F4-4068-9DF2-32EEF72A6943}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F96AE503-12BD-4681-B331-37D7B701D20A}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe
FirewallRules: [TCP Query User{E8D1ECE3-C62A-4A51-8D3C-EE2697173DAA}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{19CB9674-82E0-41E9-BBEE-A8FCBEC9B614}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe
FirewallRules: [{22E5D8EF-CD8C-4849-BF01-190C6D90BB37}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{88CB1EA0-AD13-4286-9A40-63347529240C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D2415291-4194-454E-AE6B-DE3A025BF02E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASDriveMapper.exe] => Enabled:HP Media Vault DriveMapper
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASCfg.exe] => Enabled:HP Media Vault Configuration
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\HPMVTray.exe] => Enabled:HP Media Vault Monitor
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Hewlett-Packard\HP Media Vault Pro\NASSelector.exe] => Enabled:HP Media Vault Selector
==================== Restore Points =========================
22-02-2017 00:21:26 Scheduled Checkpoint
22-02-2017 13:37:41 Windows Update
24-02-2017 03:00:15 Windows Update
25-02-2017 23:54:48 Windows Backup
26-02-2017 12:26:07 Windows Backup
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: BitDefender Firewall NDIS 6 Filter Driver
Description: BitDefender Firewall NDIS 6 Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BdfNdisf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: bdftdif
Description: bdftdif
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bdftdif
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/27/2017 09:32:18 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: (-2145452013) The system could not find the filter specified.
Error: (02/27/2017 09:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03
Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920
Exception code: 0xc0000005
Fault offset: 0x0010025c
Faulting process id: 0xfd0
Faulting application start time: 0x01d2917a5da4e150
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll
Report Id: e34a2a90-fd6d-11e6-b9b8-90e6ba591fe0
Error: (02/27/2017 09:22:22 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.
Error: (02/27/2017 01:00:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (02/26/2017 04:39:31 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
Error: (02/24/2017 03:24:55 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.
Error: (02/24/2017 03:06:17 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.
Error: (02/23/2017 10:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: MSHTML.dll, version: 11.0.9600.18538, time stamp: 0x58275c38
Exception code: 0xc0000005
Fault offset: 0x002094df
Faulting process id: 0xcfc
Faulting application start time: 0x01d28e6134fd11d0
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: d53cedb8-fa55-11e6-951c-90e6ba591fe0
Error: (02/23/2017 08:13:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCloudDrive.exe, version: 1.6.10.167, time stamp: 0x58791a03
Faulting module name: iCloudDrive_main.dll, version: 1.6.10.167, time stamp: 0x587e6920
Exception code: 0xc0000005
Fault offset: 0x0010025c
Faulting process id: 0x7d0
Faulting application start time: 0x01d28de6a315efa0
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive_main.dll
Report Id: 993d6840-f9da-11e6-951c-90e6ba591fe0
Error: (02/23/2017 08:07:22 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.
System errors:
=============
Error: (02/27/2017 09:32:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (02/27/2017 09:29:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9E6E74C7-0E85-4D14-8851-7635E2C1C528} did not register with DCOM within the required timeout.
Error: (02/27/2017 09:23:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/27/2017 09:22:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BdfNdisf
bdftdif
cdrom
SBRE
Error: (02/27/2017 09:16:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (02/27/2017 09:16:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (02/27/2017 09:16:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/27/2017 09:15:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/27/2017 09:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (UPSWSDBSERVER) service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2015-08-03 17:53:44.366
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.354
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.337
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.321
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.240
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.233
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.227
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:44.221
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:43.443
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-08-03 17:53:43.428
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
==================== Memory info ===========================
Processor: AMD Athlon II X2 240 Processor
Percentage of memory in use: 73%
Total physical RAM: 3839.3 MB
Available physical RAM: 1019.51 MB
Total Virtual: 12837.49 MB
Available Virtual: 10276.55 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:455.94 GB) (Free:247.87 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
ESET:
C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\AdwCleaner\quarantine\files\asbffvqtenrfkfwyzdljdjjbakekpigx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\AdwCleaner\quarantine\files\ionsgdvrxwkendvgxswbvknbiwrpduxx\Inbox.dll a variant of Win32/Toolbar.Inbox.J potentially unwanted application
C:\AdwCleaner\quarantine\files\ugfnrbjlopcyrfaxiehwkhwrbqfqnbzc\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\quarantine\files\ukfkcibqcccpsahasxbkkzzbzbzeqryo\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\AdwCleaner\quarantine\files\urzytymfgkylsssvcajphxjqxmoyuqnx\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\DYMO Label\Downloads\Primo PDF\FreewarePrimoPDF.exe Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll a variant of Win32/Adware.Coupons.AA application
C:\Program Files (x86)\NCH Swift Sound\SoundTap\soundtap.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\SoundTap\stsetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\SoundTap\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Users\Ron\Desktop\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ron\Downloads\cnet_tintii-2_5_2_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Ron\Downloads\FlashPlayerPro.exe a variant of Win32/InstallCore.AFF.gen potentially unwanted application
C:\Users\Ron\Downloads\MusicSetup(1).exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application
C:\Users\Ron\Downloads\MusicSetup.exe a variant of Win32/Toolbar.Inbox.L potentially unwanted application,Win32/Toolbar.Crawler.B potentially unwanted application
C:\Users\Ron\Downloads\pdflite_d3759449.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Ron\Downloads\rcsetup149.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ron\Downloads\setup-cnet.exe Win32/Toolbar.Zugo.A potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,Win32/Toolbar.Zugo.E potentially unwanted application,Win32/Toolbar.Zugo potentially unwanted application
C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe a variant of Win32/Magicbit.D potentially unwanted application
Autostart locations virus


1. Eset's scanner found these adware in the computer:

C:\DYMO Label\Downloads\Primo PDF
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
C:\Program Files (x86)\NCH Swift Sound\SoundTap

You have to decide if you want to keep them anyway or if you want to uninstall them.


2. These installation files are in the Downloads folder and they'll try to install adware during the installation or are unwanted in some other sense:

C:\Users\Ron\Desktop\ccsetup525.exe
C:\Users\Ron\Downloads\cnet_tintii-2_5_2_exe.exe
C:\Users\Ron\Downloads\FlashPlayerPro.exe
C:\Users\Ron\Downloads\MusicSetup(1).exe
C:\Users\Ron\Downloads\MusicSetup.exe
C:\Users\Ron\Downloads\pdflite_d3759449.exe
C:\Users\Ron\Downloads\rcsetup149.exe
C:\Users\Ron\Downloads\setup-cnet.exe
C:\Users\Ron\Downloads\UmmyVD-Web-Loader-[130-yt-WcvWd3y74Bc].exe

You have to decide if you want to keep them or not.


3. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {8816804E-C5E1-411B-ACCC-DEB9C0021740} URL = 
SearchScopes: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> {BA2C68D5-0C58-4043-8FC8-7AC3A4725332} URL =
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Toolbar: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-17] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [35456 2012-10-24] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-01] (GFI Software)
S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
S1 bdftdif; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
C:\ProgramData\Ad-Aware Browsing Protection
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {184C3844-9468-D082-12A8-3DE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {40DE96E7-9468-D082-B106-AFB185889A47} => No File
Task: {82362E66-1F65-4AF2-95C9-7BB25D4B760E} - System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {B5DB96E3-56F6-4106-AA61-09346EC76FB5} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe 
Task: {CB06BE51-9DF6-46F8-9035-B07468322293} - System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => pcalua.exe -a E:\setup.exe -d E:\
MSCONFIG\Services: LavasoftAdAwareService11 => 2
FirewallRules: [{58967C13-CDF9-4F3E-97D2-D1DED470D1FA}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{5EDA4F80-FD2D-49B5-9409-AB6412D13910}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{84CAE729-C8E8-4B5B-B202-4F9A88BBF192}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{EEDD2655-0487-4562-83BB-F92117D01005}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{7FCC12D4-2597-4725-AFAE-47EA39AE5769}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{125DD76A-7F2C-4637-A34B-28AE6BBAC108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{4B3E40A2-5249-44A5-80C2-5489728F1408}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{D9AC19C1-0DAD-45FA-A6B5-6F5689434355}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{B74BF052-ABE8-4877-B1F1-2FD1395213AC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{BB9E8922-E01B-4497-BAB6-BA0DE0DB1363}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{1575BDC3-DF99-4EC0-91D8-1603AD9B0E67}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{8B2BAFE7-F941-44F1-8D55-8D2C80E66CE7}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{B73FA5C0-B373-4929-B790-DF3A59970FE2}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{AB15C78D-3377-475E-A700-3768463CCFF6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Program Files (x86)\Lavasoft\
Reboot:

and paste it in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

 

4. Do you see anything related to Ad-Aware now?


Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01

Ran by Ron (28-02-2017 13:55:56) Run:1
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available Profiles: Ron & LogMeInRemoteUser & Test & UpdatusUser & Employee Access)
Boot Mode: Normal
==============================================
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => value removed successfully
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => not found.
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key removed successfully
HKCR\CLSID\{8816804E-C5E1-411B-ACCC-DEB9C0021740} => key not found.
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key removed successfully
HKCR\CLSID\{BA2C68D5-0C58-4043-8FC8-7AC3A4725332} => key not found.
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => value removed successfully
HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => key not found.
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} => value removed successfully
C:\Program Files (x86)\AVG\AVG10\Firefox4 => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\System\CurrentControlSet\Services\gfiark => key removed successfully
gfiark => service removed successfully
gfibto => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\gfibto => key removed successfully
gfibto => service removed successfully
HKLM\System\CurrentControlSet\Services\BdfNdisf => key removed successfully
BdfNdisf => service removed successfully
HKLM\System\CurrentControlSet\Services\bdftdif => key removed successfully
bdftdif => service removed successfully
HKLM\System\CurrentControlSet\Services\SBRE => key removed successfully
SBRE => service removed successfully
C:\ProgramData\Ad-Aware Browsing Protection => moved successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\ChromeHTML => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-1719432816-2042769076-3470656445-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82362E66-1F65-4AF2-95C9-7BB25D4B760E} => key removed successfully
C:\Windows\System32\Tasks\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52A341EC-FFC4-4969-B3CB-D11F0D781F43} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DB96E3-56F6-4106-AA61-09346EC76FB5} => key removed successfully
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB06BE51-9DF6-46F8-9035-B07468322293} => key removed successfully
C:\Windows\System32\Tasks\{56023160-B799-4645-B063-AFFAE4234881} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56023160-B799-4645-B063-AFFAE4234881} => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LavasoftAdAwareService11 => key removed successfully
HKLM\System\CurrentControlSet\Services\LavasoftAdAwareService11 => key not found.
C:\Program Files (x86)\Lavasoft => moved successfully
The system needed a reboot.
==== End of Fixlog 13:56:52 ====


Good!

 

Do you see anything related to Ad-Aware/adaware antivirus now?

If not, you can try to install adaware antivirus.

Yes. There are still Adaware files on the C: drive.

I did a Windows file search using AdAware as the keyword and got the following hits:


Folder: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613

Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus

Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine

Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus\AdAwareProxyEngine\1.0.0.8


Folder: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\

file: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\extern\Ad-Aware.xml


folder: C:\AdAwareProxyEngine

folder: C:\AdwCleaner\quarantine\files

folder: C:\Adaware SecureSearch Toolbar

folder: C:\Adaware SecureSearch Toolbar\Chrome


There are also still several items associated with FRST but I assume those can be deleted.


There may have been other folders that matched in this search. The listing was so extensive I just limited this report to the folders I detected in the list. I didn't think you needed filenames inside the folders, but if you do let me know and I'll figure a way to transcribe them into a notepad list.


BTW.... thanks for all the very good guidance.

Edited by ronlee67


Can you delete these folders yourself or are there files in them that can't be deleted?

C:\Program Files\Lavasoft

C:\AdAwareProxyEngine

C:\Adaware SecureSearch Toolbar


I deleted them. I purchased AdAware Pro but screwed up and clicked the download button on a still open AdAware page I visited earlier and ended up with AdAware Free installed. Can't find a place to enter the activation key, but that's a question for a different forum. Adaware Free is in and working perfectly.

 

Thank you for all your extensive advice!

 

Ron


As far as I know, it's the same installation file for adaware antivirus free and pro. The pro features can be enabled when you've entered your license key.

https://www.adaware.com/user-guide/activation (note the information below the first screenshot)

 

You're welcome, Ron :)


My Free AdAware downloaded and installed without displaying those screens. If I go into App management it shows a key already entered and an expiration date in November (not a year from now.) Very strange. I never download programs from third party sites yet this worries me that I might have a bogus copy? There is a button for "Change Key". If I enter the Pro key will it convert to PRO?


If I go into App management it shows a key already entered and an expiration date in November (not a year from now.)

Can it be a year from when you installed Ad-Aware 11?

 

I never download programs from third party sites yet this worries me that I might have a bogus copy?

From which web site did you download adaware antivirus?

 

If I enter the Pro key will it convert to PRO?

It should but please check your keys at https://www.adaware.com/myadaware/loginpage first.


Can it be a year from when you installed Ad-Aware 11?

 

From which web site did you download adaware antivirus?

 

It should but please check your keys at https://www.adaware.com/myadaware/loginpage first.

1. It could but I have no way of knowing for sure. I checked thru emails and records I keep in a password vault but found no match for that key. Admittedly those records are not complete.

2. downloaded from Lavasoft.com

3. My AdAware only shows the Pro version I bought the other day and one that expired in 2010. Neither key matches the key that showed up in the Free Version that was accidentally installed. I have no idea how the Free version ended up with a key already entered, especially after we went through the processes to completely eliminate all previous versions.

 

Checking Windows task manager I see two AdAware processes running:

AdAwareDesktop.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe
AdAwareTray.exe C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe
Presumably 12.0.649.11190 is the version and build. If you can verify this is a valid build number I will feel more comfortable that I have installed a bona fide AdAware Free program and not a knock off. That won't answer why there was already an activation key, but at least I can try entering the new Pro key I purchased and see what happens.
If you would like the activation key that appeared in the free version I have it written down along with the expiration date and time if you would like to look into this further. Perhaps by checking sales records for that date 1 year previous it can be determined who that key was issued to. I assume you would want it sent securely so just let me know how to send it.
Edited by ronlee67


2. Then it must be the correct file.

 

The version and build numbers are correct.

 

Since it's a key for the free version, I don't think adaware software (Lavasoft) wants to spend any time investigating why you got it and if someone else has used it earlier (I've no access to their internal systems).
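
For the "bona fide or knock off" question above, a check that complements the build number is the Authenticode signature on the two executables. This is an added example, not part of the original posts or any adaware tooling; the paths are the ones quoted from Task Manager, and the expected signer name is not given on this page, so the script only reports the signer for you to read.

```powershell
# Executable paths exactly as listed in the post above (from Task Manager).
$paths = @(
    'C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe',
    'C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe'
)

$report = foreach ($path in $paths) {
    # Start from a "not found" row and fill it in if the file exists.
    $row = @{
        File          = Split-Path -Leaf $path
        Status        = 'FileNotFound'
        Signer        = $null
        FileVersion   = $null
        # Version folder the binary sits in, for comparison with FileVersion.
        FolderVersion = Split-Path -Leaf (Split-Path -Parent $path)
    }
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Valid = hash matches the signature and the chain is trusted.
        # NotSigned / HashMismatch / NotTrusted all need a closer look.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $row.Status = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $row.Signer = $sig.SignerCertificate.Subject
        }
        $row.FileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
    }
    New-Object PSObject -Property $row
}

# Full report, then an explicit warning for anything that did not validate.
$report | Select-Object File, Status, Signer, FileVersion, FolderVersion | Format-List
$report | Where-Object { $_.Status -ne 'Valid' } | ForEach-Object {
    Write-Warning ("{0}: signature status is {1}" -f $_.File, $_.Status)
}
```

A `Valid` status only shows that the file is unchanged since it was signed and that the certificate chains to a trusted root; read the `Signer` field to confirm it names the vendor you expect.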


Thank you CeliaB.

 

I activated Pro with the purchased key and everything went normally. I'm currently running a full scan.

 

Again, thank you for all the fine effort and great guidance.

 

You can consider this "ticket" closed with successful outcome. 5 stars for support.

 

Ron


You are welcome, Ron :)

 

I'm glad it's been resolved and you have Pro again.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :) If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!

This topic is now closed to further replies.