Cyber Tech Help Support Forums


Han Solo January 6th, 2021 11:37 PM

Windows 7 BSOD
 
Hello,
I had come to this site years ago and got good help.. things were going ok till today. Computer was running fine, it was in sleep and hit space bar to wake it up as usual and it ran for a number of seconds then BSOD. Rebooted it into safe mode and looked around.. said something about Explorer.. then tried to reboot again to full and it got past the manufacturer logo to the welcome screen then BSOD. Now in safe mode again.. said something about Explorer not running again. The blue screen was only visible for like a second.

Have Windows 7 Home Premium on a Dell Inspiron 620. I have saved the blue screen messages from safe mode dialog window as well as the dump files but don't see any way to attach them. I was not able to find the second file in the Temp folder


First blue screen:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f7
BCP1: 0000B880012991D5
BCP2: 0000F880012991D5
BCP3: FFFF077FFED66E2A
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\010621-24133-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-43009-0.sysdata.xml


Second:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFB8A0041941B0
BCP2: 0000000000000000
BCP3: FFFFF80001FDF120
BCP4: 0000000000000007
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\010621-23337-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-45302-0.sysdata.xml



Trying to figure out how to open the dump files.. seems complicated

Was looking at some previous related posts and downloaded BlueScreenView from Nirsoft and see 4 dump files from today..

Fourth:
010621-23337-01.dmp 1/6/2021 3:19:38 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 ffffb8a0`041941b0 00000000`00000000 fffff800`01fdf120 00000000`00000007 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-23337-01.dmp 4 15 7601 278,504 1/6/2021 3:20:55 PM

Third:
010621-24133-01.dmp 1/6/2021 2:49:54 PM DRIVER_OVERRAN_STACK_BUFFER 0x000000f7 0000b880`012991d5 0000f880`012991d5 ffff077f`fed66e2a 00000000`00000000 Ntfs.sys Ntfs.sys+209da x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-24133-01.dmp 4 15 7601 278,504 1/6/2021 2:50:57 PM

Second:
010621-19125-01.dmp 1/6/2021 2:48:15 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02530 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-19125-01.dmp 4 15 7601 278,504 1/6/2021 2:49:29 PM

First:
010621-23306-01.dmp 1/6/2021 2:46:41 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02530 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-23306-01.dmp 4 15 7601 278,560 1/6/2021 2:47:51 PM


each of the Dump files in the Nirsoft software has a preview pane of the files involved.. can try to provide that as well if needed.

I haven't installed any software lately.. not for several months that can recall.. maybe upgraded the Proton VPN software to latest. The only hardware upgrade done was upgrading from 4 to 8 gigs memory like 6 months ago.

I had bought an SSD a while back but never installed it because reluctant to do the cloning and images because past bad experiences dealing with OS upgrades otherwise would have upgraded to Windows 10 long time ago. I found a guy locally who can do it and was planning on doing it like next month.. At a minimum would like to get computer to a state in which could do this upgrade.. From what I understand can't do it from Windows 7 safe mode..

This looks serious. Please help
thank you, Hans

olgun52 January 9th, 2021 05:02 PM

Hello Han Solo,


This problem is probably related to your drivers or other hardware issues.


Let's take a look.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Best regards.

Han Solo January 11th, 2021 04:17 PM

Hi olgun52, thank you for taking a look and helping me

here are the two files. I didn't click on any additional options


First:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by Hans (administrator) on PC (Dell Inc. Inspiron 620) (11-01-2021 09:46:33)
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <59>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Nir Sofer -> NirSoft) C:\Users\Hans\Downloads\New Downloads\Now\bluescreenview\BlueScreenView.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] (Unlimited Realities -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7452480 2020-10-06] (ProtonVPN AG -> )
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX880 series: C:\Windows\system32\CNCALAN.DLL [302080 2010-11-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2012-04-01]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-09-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0110782D-8874-4428-9253-0FC0001794D1} - System32\Tasks\NWC => C:\Program Files (x86)\ASCOMP Software\Synchredible\nwc.exe [332288 2014-09-30] () [File not signed]
Task: {0D0524A3-E68F-41E8-B8A2-324632A5A01A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {4F723766-9267-4A0F-9E80-D4E473128B8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {55C3090F-E86F-4E6C-A6B8-5D233BA03727} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6E62607A-A35F-40C0-8F80-E2C36B212A02} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {6E8648CE-0E52-48D2-851F-17A79C334E78} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {776D0E2E-4453-445C-9DAF-D36387F055DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {77CCD346-000C-4879-AD86-4593016FA8D7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC189AF-7198-46AE-AAC5-C9E80539CC24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {8104CE8F-1675-47ED-85F8-1C7A7ABC903C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8331C3DD-5990-4F43-8B2C-2CB9B6765CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A2080677-F342-4763-97C0-B18542DEE646} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {B06D5F00-8C5D-4EF5-BD3B-97D1AF788933} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7B8E81D-307B-4C1F-9CF8-633D619CFA41} - System32\Tasks\{F4F46FA1-7FD6-4681-A330-8AD497C43C02} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XOIFA2S\WBSP_IE_Setup.exe" -d C:\Users\Hans\Desktop
Task: {BEBA5329-B275-46AA-9B33-842800D3B30A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {D788AB35-C928-481C-AE04-49F6A2E2CD42} - System32\Tasks\{FCEF3078-6348-4EF2-A133-EA5922813B83} => C:\Windows\system32\pcalua.exe -a C:\Users\Hans\Downloads\WBSP_IE_Setup.exe -d C:\Users\Hans\Desktop
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {DDD9C578-3B5F-4035-99FD-B3C48CC2126D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {E4F6B829-35D7-4354-9AA1-B10A7AC332F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {EC0AC83F-1CB1-4464-A104-888B1807169E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE16815-66A5-4908-BAEB-30D61334AE14} - System32\Tasks\{E22B9F1E-B872-4306-8F1C-2D709707F048} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ3KEK3B\PCHCInstallerPackage.exe" -d C:\Users\Hans\Desktop
Task: {EEEAA326-2308-475C-99AF-BABE00811BD0} - System32\Tasks\{1D7851FC-923C-4BF0-9EF7-98C14DFD5E08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\Downloads\Shockwave_Installer_S lim 11.6.1.629.exe" -d C:\Users\Hans\Downloads
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{66647859-4A98-410D-A6EA-64B8B46ABB45}: [NameServer] 209.18.47.61,209.18.47.62
Tcpip\..\Interfaces\{7E5C2F57-B30D-4B48-80C9-D5628F55B906}: [DhcpNameServer] 10.80.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default [2020-04-12]
FF Extension: (HydraReader Class) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{37D4A353-C49B-8A56-4230-FE2A6C825946} [2014-11-06] [Legacy] [not signed]
FF Extension: (WOT) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2021-01-11]
CHR DownloadDir: N:\
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR Extension: (Slides) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Sparta: War of Empires) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcokacflmihcgkgjofglkhobjkheeic [2016-01-16]
CHR Extension: (Docs) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-10]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-10-18]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-24]
CHR Extension: (OneTab) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2020-09-21]
CHR Extension: (uBlock Origin) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-11]
CHR Extension: (Google Search) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Tab Restore) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbndgjfafojhfndfgpcibceghelbbnep [2018-02-04]
CHR Extension: (Session Buddy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Recent History) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2019-12-23]
CHR Extension: (Sheets) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (History Button) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2018-02-04]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2018-02-04]
CHR Extension: (Fair Ads) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-25]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-06]
CHR Extension: (Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\golladjmjodbefcoombodcdhimkmgemd [2018-02-04]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06]
CHR Extension: (Open in VLC™ media player) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2021-01-01]
CHR Extension: (Recently Closed) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiocfdofmabcpofejbffpbocoabcjib [2020-07-24]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2020-08-13]
CHR Extension: (Fair AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2020-10-18]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcgefgnghb [2020-05-13]
CHR Extension: (Oriental, NC Interactive Weather Rada...) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkhmpidoemedicppkhfklljppccaan [2018-01-29]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Weather Forecast) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofobaelkgcpicbdoabokjlnmdcbjellg [2020-06-13]
CHR Extension: (Bookmarks) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogpfecfneobbmjefimpeomoeloahjmcm [2019-10-31]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-09]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2018-02-06]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-12-25]
CHR Extension: (VLC Video Downloader) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-21]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
S2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
S2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2136056 2020-01-23] (Plex, Inc. -> Plex, Inc.)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia -> Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia -> Secunia)
S2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
S2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [55776 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MpKsl323b3910; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFC668F6-368B-4AB5-8795-4CA4B6CACD86}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-11 09:46 - 2021-01-11 09:47 - 000028162 _____ C:\Users\Hans\Desktop\FRST.txt
2021-01-10 18:07 - 2021-01-10 18:07 - 002281472 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
2021-01-06 15:20 - 2021-01-06 15:20 - 000278504 _____ C:\Windows\Minidump\010621-23337-01.dmp
2021-01-06 14:50 - 2021-01-09 12:39 - 000097272 _____ C:\Windows\ntbtlog.txt
2021-01-06 14:50 - 2021-01-06 14:50 - 000278504 _____ C:\Windows\Minidump\010621-24133-01.dmp
2021-01-06 14:49 - 2021-01-06 14:49 - 000278504 _____ C:\Windows\Minidump\010621-19125-01.dmp
2021-01-06 14:47 - 2021-01-06 14:47 - 000278560 _____ C:\Windows\Minidump\010621-23306-01.dmp
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\ProgramData\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Synology
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-31 11:46 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\Synology

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-11 09:46 - 2014-11-20 18:54 - 000000000 ____D C:\FRST
2021-01-11 09:44 - 2015-01-07 18:26 - 000000000 ____D C:\Users\Hans\Documents\New Stuff
2021-01-09 12:40 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-09 12:40 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-01-06 15:20 - 2020-09-21 19:04 - 444147567 _____ C:\Windows\MEMORY.DMP
2021-01-06 15:20 - 2015-11-05 09:22 - 000000000 ____D C:\Windows\Minidump
2021-01-06 15:19 - 2012-09-12 15:47 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2021-01-06 15:19 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2021-01-06 15:19 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2021-01-06 15:18 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-06 15:05 - 2011-12-26 14:34 - 000000000 ____D C:\Users\Hans\AppData\Local\ElevatedDiagnostics
2021-01-06 02:04 - 2018-02-03 21:46 - 000000000 ____D C:\Users\Hans\AppData\Roaming\vlc
2021-01-03 20:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-03 20:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-02 18:58 - 2014-11-07 01:30 - 000000000 ____D C:\Users\Hans\Downloads\New Downloads
2020-12-31 12:18 - 2019-08-17 18:01 - 000000000 ____D C:\Users\Hans\AppData\Local\Plex Media Server
2020-12-24 17:44 - 2011-12-26 15:18 - 000000000 ____D C:\Users\Hans\AppData\Roaming\SoftGrid Client
2020-12-19 15:24 - 2011-12-26 10:20 - 000075248 _____ C:\Users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-16 22:31 - 2009-07-14 00:08 - 000032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-12-13 08:22 - 2016-06-08 17:50 - 000002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
2012-04-01 19:23 - 2012-04-01 19:23 - 000000022 _____ () C:\Users\Hans\AppData\Local\kodakpcd.ini
2012-01-09 11:17 - 2020-06-09 19:57 - 000007613 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-23 00:39
==================== End of FRST.txt ========================

Han Solo January 11th, 2021 04:21 PM

Second part 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Hans (11-01-2021 09:47:32)
Running from C:\Users\Hans\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-26 15:20:30)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4200521874-2590480824-2585516950-500 - Administrator - Disabled)
Guest (S-1-5-21-4200521874-2590480824-2585516950-501 - Limited - Enabled)
Hans (S-1-5-21-4200521874-2590480824-2585516950-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-4200521874-2590480824-2585516950-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.4.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley (TM) (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iExplorer (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.302 - Logitech)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{13A1DA5E-AFBD-491D-95FD-70EFD98A5377}) (Version: 1.18.2309 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9b222a9c-d2a0-4c06-b687-014fb06a4313}) (Version: 1.18.5.2309 - Plex, Inc.)
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
ProtonVPN (HKLM-x32\...\{074CACAD-CAB4-42A5-9C13-D1245FA9D6D6}) (Version: 1.17.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.4) (Version: 1.17.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Q-Dir (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Q-Dir) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Resilio Sync (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Resilio Sync) (Version: 2.6.3 - Resilio, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Stopping Plex (HKLM-x32\...\{72D77FDA-EFAC-4DA5-A67C-1A74319DCB6D}) (Version: 1.18.2309 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 5.1.0.1 - ASCOMP Software GmbH)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-24922 - Synology)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WatchSeries version 1.0 (HKLM-x32\...\{55F6C93F-F7A3-4B4F-898C-5D9DE013BA0E}_is1) (Version: 1.0 - WatchSeries)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.0.160 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
XYplorerFree 17.40 (HKLM-x32\...\XYplorerFree) (Version: 17.40 - Donald Lessau, Cologne Code Company)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Hans\Desktop\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Oriental, NC Interactive Weather Rada.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan

==================== Loaded Modules (Whitelisted) =============

2020-03-05 17:07 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2020-03-05 17:07 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2020-03-05 17:07 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2020-03-05 17:07 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2013-02-03 04:21 - 2013-02-03 04:21 - 000045056 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000097792 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2020-03-05 17:07 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2020-03-05 17:07 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2020-03-05 17:07 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2019-04-06 21:33 - 2019-04-06 21:33 - 000542208 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000480768 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_53C.dll
2020-03-05 17:07 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2012-01-10 12:10 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com

There are 12539 more sites.

Han Solo January 11th, 2021 04:22 PM

Second part 2:

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-19 20:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{673BAE18-6223-454E-8C96-A404DC8391FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C205064-3431-405D-A20E-976D1F578CF1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{0CB602E4-73BC-4E67-8793-99A5073FAD29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{06CB4B9E-165D-4EA8-A94F-886C09AC01F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1ED14FE4-B8CF-4A9C-BDEF-2C477BE6B492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{A6CEA8AA-5396-488D-B1AD-A2DBCE4130D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{80D10834-2555-4921-A011-9BD86B64361F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07E6E5AE-22BE-4DF1-A9F3-C8D24A76381B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{56EA8C79-82B6-466B-84F9-58DC74CFBDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{784800E0-76E8-49F9-97EC-2A11D051857A}] => (Allow) LPort=2869
FirewallRules: [{BADCDFE7-9F62-44B2-A289-DD48C4575314}] => (Allow) LPort=1900
FirewallRules: [{21B926DC-87BC-43BB-8E63-B45D2E591000}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FEE0B98-2EEE-4164-B27E-5E8345712187}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F167EFD9-0D2B-423E-AF94-92F284AE0B9C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{DC70B0E8-B491-4E28-A717-821F5018286D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B4CF4E2-8E00-41C0-B754-8FC5D3AAC65D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{573A03D1-54F0-4018-A65A-B725D9066CDD}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82B9417A-EE6F-4DEB-A7F3-6D1976BCF2F5}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78115ACF-B1B1-4568-9A6D-C6E92FF58F14}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB66895A-C0D4-43C5-8876-827293C7AB6F}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{0E05BE06-51C6-43B3-B1F1-AFE4BF42BF19}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{119CF0E3-DE7C-4C94-AAA9-B056D38D4581}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [{92C8FB58-CB64-4DFB-BD3F-96F1A08855C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF33EF06-3E91-4442-82CA-45C02D012CCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5DC4BE5-0698-469D-853A-E412000D9AEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6B8C4CA-3985-492D-9129-AC326448373C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2703FD34-D72D-4B4F-9DC9-CFCC5D36690B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DE4BB905-1F70-4EBB-9F53-46CD1476D813}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{BFD561A2-BE79-4718-80AA-B8DFE0ADBD9F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{0CDAD4C7-83B9-4124-958E-DA0A24199B10}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{4D3DB4CB-9C93-41F2-A5FD-3E776F60DE57}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{6D7930DA-F279-4584-8962-B479F7E86994}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EC43C18E-7120-43AD-BACE-FD874FB4C638}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{57AAB2EB-82D0-4FC3-867A-5DAE6C9F82A3}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{865DCC19-005A-477F-85B7-DC884EC1A3E7}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{A31116D1-A8F6-46D2-8C06-A9E3FC458024}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8CD20C05-A030-4A57-8B0E-75FC3C274C7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{5C907A8D-92B0-4A12-95FD-3A5EAEA93ED8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4FFB93F8-98D6-45F1-A0A6-B722E625EEAA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{28FA5DFA-202C-4B75-99B5-6C370DF1B9D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5F4701F9-1D45-451F-9263-E5FBC59F92FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{2C34CC31-EDF1-4EC8-BC81-C3BB19CF2917}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{8374C504-754C-4211-9E9C-008F03A1757A}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{5F5D77F1-7A52-443A-AE3D-78ABE7822EDA}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )

==================== Restore Points =========================

26-12-2020 00:32:32 Windows Update
29-12-2020 12:47:18 Windows Update
31-12-2020 11:47:40 Device Driver Package Install: Synology Universal Serial Bus controllers
01-01-2021 18:32:54 Windows Update
05-01-2021 10:18:47 Windows Update

==================== Faulty Device Manager Devices ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/06/2021 03:22:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2021 03:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: ntshrui.dll, version: 6.1.7601.17755, time stamp: 0x4f042c6c
Exception code: 0xc0000005
Fault offset: 0x00000000000266f0
Faulting process id: 0xc78
Faulting application start time: 0x01d6e466ce1faf90
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\ntshrui.dll
Report Id: 730a727f-505b-11eb-abc8-f04da2fb7194

Error: (01/06/2021 03:01:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: NetworkExplorer.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c89d
Exception code: 0xc0000005
Fault offset: 0x00000000000766f0
Faulting process id: 0x780
Faulting application start time: 0x01d6e465816464a8
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\NetworkExplorer.dll
Report Id: 080a8e82-505a-11eb-abc8-f04da2fb7194

Error: (01/06/2021 03:00:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad.exe, version: 6.1.7601.18917, time stamp: 0x559ea8be
Faulting module name: mssvp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4dc0e0c9
Exception code: 0xc0000005
Fault offset: 0x000007fef1ae66f0
Faulting process id: 0xd70
Faulting application start time: 0x01d6e46653a09f37
Faulting application path: C:\Windows\system32\notepad.exe
Faulting module path: mssvp.dll
Report Id: e1f228bf-5059-11eb-abc8-f04da2fb7194

Error: (01/06/2021 02:52:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2021 02:51:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: mscoreei.dll, version: 4.8.4018.0, time stamp: 0x5d4a657e
Exception code: 0xc0000005
Fault offset: 0x000000000000adc4
Faulting process id: 0x510
Faulting application start time: 0x01d6e46547cc5947
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
Report Id: 96ef3c6a-5058-11eb-abc8-f04da2fb7194

Error: (01/06/2021 02:09:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18189

Error: (01/06/2021 02:09:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18189


System errors:
=============
Error: (01/11/2021 09:45:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/10/2021 07:34:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/10/2021 05:59:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/10/2021 05:57:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/10/2021 03:33:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.329.1933.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: Default URL

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.17700.4

Error code: 0x8007043c

Error description: This service cannot be started in Safe Mode


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 78%
Total physical RAM: 8104.63 MB
Available physical RAM: 1733.03 MB
Total Virtual: 16207.4 MB
Available Virtual: 8764.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:37.37 GB) NTFS
Drive f: (USB20FD) (Removable) (Total:30.44 GB) (Free:15.4 GB) FAT32
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:72.69 GB) NTFS

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)

==================== End of Addition.txt =======================

olgun52 January 11th, 2021 07:36 PM

Hi again Han Solo,


I see many errors in your logs. One of these errors may be the cause of your problem. Let's use Windows repair software first and then look for solutions to these errors. Finally, we will do a small wipe clean. I hope everything will be fine.


Follow the instructions below please.


Repair these services.

Please run on Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below
    Quote:

  • 01 - Repair Registry Permissions
  • 03 - Reset Service permissions
  • 04 - Register System Files
  • 05 - Repair WMI
  • 10 - Remove Policies Set By Infections
  • 20 - Repair MSI (Windows Installer)
  • 25 - Restore Important Windows Services
  • 26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply. Or you can find the repair report at the address below.
C:\Program Files (x86)\Tweaking.com\Windows Repair \Logs
  • Copy and paste (or attach if necessary) the contents of the log in your reply



===

Restart the computer normally. How is the computer running now?


Regards

Han Solo January 12th, 2021 11:03 PM

Hello Olgun52,

I'm trying to do it now.. followed the instructions and closed all open files/programs down before installing the Windows Repair software in safe mode with networking.. but got an error splash screen when starting up the program.. The Startup Check says problems found with needed files in program folder.. It looks like 1 file is either not found or corrupted:

MD4 Hash Doesn't Match: Files\regfiles\xp\WinSock2.reg
(Expected MD4: 5567B7B15D4C88E5A58C01D2D7C4557F)
(Returned MD4: 5CDD326B5F150FF3183E9605174708C5)

It says to reinstall the program to make sure the files are correct and present..

So i reinstalled (without uninstalling the first attempted installation) and got the same result. I'm gonna uninstall the program and reboot the computer back into safe mode and try to install it again.

Looked and found the file in question exists: Winsock2.reg
Date Modified: 5/12/2015 2:44 AM
Date Created: 5/19/2018 10:08 PM
Size: 80.1KB

Hans

olgun52 January 13th, 2021 01:03 AM

Hi Hans,


Let's try doing it like this.

Click Start and type cmd.
Open cmd as administrator. Copy and paste the following command (Ctrl + C and Ctrl + V)


bitsadmin /reset /allusers

Then copy and paste the following command.


net user administrator /active:yes

and


Type exit and Enter.
Now run windows repair software again please ..

If it still fails, enter the Cmd prompt as administrator. And copy and paste the following command.


sfc /scannow

Enter

Wait for the processes to finish.

Is everything okay? Check it out please.

Han Solo January 14th, 2021 04:26 AM

Hey

Got it to run by uninstalling the software and rebooting back to safe mode and reinstalling.

Did a registry backup and see it in the drop down menu when in the restore registry part. Also created a restore point in the program but do not see it when open system restore (but do see a restore point from last week)..

See message in backup section of not repairing without backup

Computer is not properly backed up.. it was on my to do list.. about half is backed up to date while the other half is a mess.. thinking should work on that quick

Hans

olgun52 January 14th, 2021 03:18 PM

Hi Han Solo

Step 1:

Have you seen my message number 8? Apply my number 8 message first. Then run step 2.

Step 2:


I see you have MBAM installed on the computer - that is great!! It is a very good program! However, it is an old version. Uninstall that software and follow the instructions below.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Have a nice day.

Han Solo January 16th, 2021 02:20 AM

Hi Olgun52

Just want to give you an update.. Ugh.. been a bad couple of days.. Needed to print a pdf file off the pc yesterday and couldn't get it to print from safe mode or the usb port on printer. Got another pc to hook up to printer and inadvertently shut off the powerstrip. Restarted and f8 to get to safe mode and got distracted and missed to select option in time and pc ran checkdisk and booted to full windows.. which couldn't do before but..

Windows ran ok except windows explorer messages advising it stopped working and restart when changing programs in taskbar and sometimes randomly. Printed file and did some backup and today rebooted back to safe mode to finish back up and follow your instructions but windows explorer wouldn't start and got a blank screen with "safe mode" displayed in corners of screen and no taskbar but task manager would work.

Rebooted again but pc got stuck booting into safe mode at screen where it shows files that its loading. Waited like half hr and did hard reset and f8 and let it run checkdisk again and booted it to safe mode but windows explorer was stopping and starting almost constantly making pc unusable.

Couldn't shut down properly so had to do hard reset again and let it load to full windows and didn't get windows explorer messages anymore but programs didn't function properly.. they may open and load but become unresponsive if open at all. Windows itself looked normal but didn't respond when trying to do windows stuff.. basically it didn't work but was able to eventually shut it down properly.

I'm sorry that I made things worse by trying to back stuff up before doing your steps.. thought it was prudent given the message to do so in tweaking windows repair.. half of the pc was backed up good, the other half was a mess.. should have just done the steps.

On plus side have three dell windows 7 system recovery disks as well as a windows 7 repair disk that I made when got pc.. maybe those can help..

Hans

PS Did the reboot thing to install tweaking windows repair without error before you posted message #8

Han Solo January 16th, 2021 04:05 AM

spoke too soon.. been logging off for over an hr and a half

Han Solo January 16th, 2021 06:40 AM

hey,

pc was still logging off a couple hrs later so did another hard reset and booted back into safe mode and it seems to be running ok now.. not doing the windows explorer stopping and starting thing anymore.. etc..

should i finish backing up first (may take a bit to sort through the remaining mess) or do you want me to skip that and do the steps outlined starting with first part of message #8 even though got the tweaking windows repair to startup properly?

olgun52 January 16th, 2021 12:55 PM

Hi Hans,

Quote:

On plus side have three dell windows 7 system recovery disks as well as a windows 7 repair disk that I made when got pc.. maybe those can help.

should i finish backing up first (may take a bit to sort through the remaining mess) or do you want me to skip that and do the steps outlined starting with first part of message #8 even though got the tweaking windows repair to startup properly?

After that, it would be more appropriate to do as follows.
We can repair it with your dell windows 7 system recovery discs.

Let's do it like this;

Windows 7 System Repair Disc Run:

You can now boot from this disc to access System Recovery Options, the set of system recovery tools available for the Windows 7 operating system.

As with a Windows 7 installation disc, you'll need to watch for a Press any key to boot from CD or DVD message on screen, right after your computer turns on or restarts with the System Repair Disc inserted.
---------------------
How to Boot From a CD, DVD

1- Change the boot order in BIOS so the CD, DVD, or BD drive is listed first. Some computers are already configured this way but many are not.

If the optical drive is not first in the boot order, your PC will start "normally" (i.e., it'll boot from your hard drive) without even looking at what might be in your disc drive.
Please set it to start from dell windows 7 system recovery disc.

After setting your optical drive as the first boot device in BIOS, your computer will check that drive for a bootable disc each time your computer starts. Leaving your PC configured this way shouldn't cause problems unless you plan on leaving a disc in the drive all the time.
2-Have all your programs closed. Insert the CD, DVD, or BD into your disc drive.
3-Restart your computer—either properly from within Windows or via your reset or power button if you're still in the BIOS menu.
4-Watch for a Press any key to boot from CD or DVD... message.

When booting from a Windows setup disc, and occasionally other bootable discs as well, you may be prompted with a message to press a key to boot from the disc. For the disc boot to be successful, you'll need to do this during the few seconds that the message is on the screen.

If you do nothing, your computer will check for boot information on the next boot device in the list in BIOS, which will probably be your hard drive.

Most bootable discs don't prompt for a keypress and will start immediately.
5-Your computer should now boot from the CD, DVD, or BD disc and the software stored on it will begin.

6-Now watch the process carefully. Make a repair. If everything goes well after restarting the system, send clear Farbar logs.


Have a nice weekend.

Han Solo January 16th, 2021 05:02 PM

Good morning Olgun,

Ok, so booted to the single windows 7 repair disk and selected the "startup repair" option. It completed pretty fast.. and all of the tests were successful.. looked at the diagnosis and repair details and wrote some of it down:

Number of root causes = 1
Root cause found = system volume on disk corrupt
Repair action: file system repair - chkdsk
Result: completed successfully

clicked finished and system rebooted and it ran chkdsk.. it did a bunch more than when chkdsk ran yesterday like deleting a bunch of index entries and other stuff..

Here's the farbar logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-01-2021
Ran by Hans (administrator) on PC (Dell Inc. Inspiron 620) (16-01-2021 09:46:20)
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc. -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe <3>
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(ProtonVPN AG -> The OpenVPN Project) C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\openvpn.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Symantec Corporation -> Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] (Unlimited Realities -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7452480 2020-10-06] (ProtonVPN AG -> )
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX880 series: C:\Windows\system32\CNCALAN.DLL [302080 2010-11-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2012-04-01]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-09-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0110782D-8874-4428-9253-0FC0001794D1} - System32\Tasks\NWC => C:\Program Files (x86)\ASCOMP Software\Synchredible\nwc.exe [332288 2014-09-30] () [File not signed]
Task: {0D0524A3-E68F-41E8-B8A2-324632A5A01A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {4F723766-9267-4A0F-9E80-D4E473128B8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {55C3090F-E86F-4E6C-A6B8-5D233BA03727} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6E62607A-A35F-40C0-8F80-E2C36B212A02} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {6E8648CE-0E52-48D2-851F-17A79C334E78} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {776D0E2E-4453-445C-9DAF-D36387F055DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {77CCD346-000C-4879-AD86-4593016FA8D7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC189AF-7198-46AE-AAC5-C9E80539CC24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {8104CE8F-1675-47ED-85F8-1C7A7ABC903C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8331C3DD-5990-4F43-8B2C-2CB9B6765CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A1041D8C-12FA-417A-AAA6-6AC8DE9AEE4E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2080677-F342-4763-97C0-B18542DEE646} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {B7B8E81D-307B-4C1F-9CF8-633D619CFA41} - System32\Tasks\{F4F46FA1-7FD6-4681-A330-8AD497C43C02} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XOIFA2S\WBSP_IE_Setup.exe" -d C:\Users\Hans\Desktop
Task: {BEBA5329-B275-46AA-9B33-842800D3B30A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {D788AB35-C928-481C-AE04-49F6A2E2CD42} - System32\Tasks\{FCEF3078-6348-4EF2-A133-EA5922813B83} => C:\Windows\system32\pcalua.exe -a C:\Users\Hans\Downloads\WBSP_IE_Setup.exe -d C:\Users\Hans\Desktop
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {DDD9C578-3B5F-4035-99FD-B3C48CC2126D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {E4F6B829-35D7-4354-9AA1-B10A7AC332F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {EC0AC83F-1CB1-4464-A104-888B1807169E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE16815-66A5-4908-BAEB-30D61334AE14} - System32\Tasks\{E22B9F1E-B872-4306-8F1C-2D709707F048} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ3KEK3B\PCHCInstallerPackage.exe" -d C:\Users\Hans\Desktop
Task: {EEEAA326-2308-475C-99AF-BABE00811BD0} - System32\Tasks\{1D7851FC-923C-4BF0-9EF7-98C14DFD5E08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\Downloads\Shockwave_Installer_Slim 11.6.1.629.exe" -d C:\Users\Hans\Downloads
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.18.0.1
Tcpip\..\Interfaces\{66647859-4A98-410D-A6EA-64B8B46ABB45}: [NameServer] 209.18.47.61,209.18.47.62
Tcpip\..\Interfaces\{7E5C2F57-B30D-4B48-80C9-D5628F55B906}: [DhcpNameServer] 10.18.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default [2020-04-12]
FF Extension: (HydraReader Class) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{37D4A353-C49B-8A56-4230-FE2A6C825946} [2014-11-06] [Legacy] [not signed]
FF Extension: (WOT) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR DownloadDir: N:\
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR Extension: (Slides) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Sparta: War of Empires) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcokacflmihcgkgjofglkhobjkheeic [2016-01-16]
CHR Extension: (Docs) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-12]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-12]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-24]
CHR Extension: (OneTab) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2020-09-21]
CHR Extension: (uBlock Origin) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-12]
CHR Extension: (Google Search) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Tab Restore) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbndgjfafojhfndfgpcibceghelbbnep [2018-02-04]
CHR Extension: (Session Buddy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Recent History) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2019-12-23]
CHR Extension: (Sheets) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (History Button) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2018-02-04]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2018-02-04]
CHR Extension: (Fair Ads) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-12]
CHR Extension: (Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\golladjmjodbefcoombodcdhimkmgemd [2018-02-04]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06]
CHR Extension: (Open in VLC™ media player) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2021-01-01]
CHR Extension: (Recently Closed) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiocfdofmabcpofejbffpbocoabcjib [2020-07-24]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2020-08-13]
CHR Extension: (Fair AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2020-10-18]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcgefgnghb [2020-05-13]
CHR Extension: (Oriental, NC Interactive Weather Rada...) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkhmpidoemedicppkhfklljppccaan [2018-01-29]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Weather Forecast) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofobaelkgcpicbdoabokjlnmdcbjellg [2020-06-13]
CHR Extension: (Bookmarks) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogpfecfneobbmjefimpeomoeloahjmcm [2019-10-31]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-09]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2018-02-06]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-12-25]
CHR Extension: (VLC Video Downloader) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-21]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2136056 2020-01-23] (Plex, Inc. -> Plex, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia -> Secunia)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [55776 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MpKsl323b3910; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFC668F6-368B-4AB5-8795-4CA4B6CACD86}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-16 09:46 - 2021-01-16 09:47 - 000033066 _____ C:\Users\Hans\Desktop\FRST.txt
2021-01-16 09:45 - 2021-01-16 09:45 - 000000000 ____D C:\Users\Hans\Desktop\FRST-OlderVersion
2021-01-15 16:15 - 2021-01-15 16:15 - 000006544 ____N C:\bootsqm.dat
2021-01-14 16:23 - 2021-01-14 16:23 - 000270880 _____ C:\Windows\Minidump\011421-28126-01.dmp
2021-01-13 10:15 - 2021-01-13 10:15 - 000269888 _____ C:\Windows\Minidump\011321-27846-01.dmp
2021-01-12 18:22 - 2021-01-16 09:45 - 000002836 _____ C:\Users\Hans\Desktop\BSOD post1.txt
2021-01-12 17:38 - 2021-01-12 17:38 - 000000207 _____ C:\Windows\tweaking.com-regbackup-PC-Windows-7-Home-Premium-(64-bit).dat
2021-01-12 17:38 - 2021-01-12 17:38 - 000000000 ____D C:\RegBackup
2021-01-12 17:31 - 2021-01-12 17:31 - 000002165 _____ C:\Users\Hans\Desktop\Tweaking.com - Windows Repair.lnk
2021-01-12 17:31 - 2021-01-12 17:31 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-01-12 17:10 - 2021-01-12 17:10 - 000278504 _____ C:\Windows\Minidump\011221-25646-01.dmp
2021-01-12 16:10 - 2021-01-12 16:10 - 000000266 _____ C:\Users\Hans\Downloads\BSOD post.txt
2021-01-12 15:51 - 2021-01-12 17:32 - 001070107 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2021-01-12 15:50 - 2021-01-12 15:50 - 040931680 _____ (Tweaking.com) C:\Users\Hans\Desktop\tweaking.com_windows_repair_aio_setup.exe
2021-01-11 09:47 - 2021-01-11 09:51 - 000066931 _____ C:\Users\Hans\Desktop\Addition1.txt
2021-01-11 09:46 - 2021-01-11 09:51 - 000032519 _____ C:\Users\Hans\Desktop\FRST1.txt
2021-01-10 18:07 - 2021-01-16 09:45 - 002294784 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
2021-01-06 15:20 - 2021-01-06 15:20 - 000278504 _____ C:\Windows\Minidump\010621-23337-01.dmp
2021-01-06 14:50 - 2021-01-16 08:56 - 000457438 _____ C:\Windows\ntbtlog.txt
2021-01-06 14:50 - 2021-01-06 14:50 - 000278504 _____ C:\Windows\Minidump\010621-24133-01.dmp
2021-01-06 14:49 - 2021-01-06 14:49 - 000278504 _____ C:\Windows\Minidump\010621-19125-01.dmp
2021-01-06 14:47 - 2021-01-06 14:47 - 000278560 _____ C:\Windows\Minidump\010621-23306-01.dmp
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\ProgramData\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Synology
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-31 11:46 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\Synology

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-16 09:47 - 2014-11-20 18:54 - 000000000 ____D C:\FRST
2021-01-16 08:54 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-16 08:54 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-16 08:48 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 08:48 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-01-16 08:44 - 2019-08-17 18:01 - 000000000 ____D C:\Users\Hans\AppData\Local\Plex Media Server
2021-01-16 08:43 - 2012-09-12 15:47 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2021-01-16 08:43 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2021-01-16 08:43 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2021-01-16 08:41 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-16 00:29 - 2020-10-25 13:15 - 000000000 ____D C:\Users\Hans\Desktop\stuff
2021-01-16 00:28 - 2015-01-07 18:26 - 000000000 ____D C:\Users\Hans\Documents\New Stuff
2021-01-14 16:35 - 2015-12-19 20:01 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-14 16:23 - 2020-09-21 19:04 - 204272159 _____ C:\Windows\MEMORY.DMP
2021-01-14 16:23 - 2015-11-05 09:22 - 000000000 ____D C:\Windows\Minidump
2021-01-12 22:35 - 2019-04-06 21:32 - 000000000 ____D C:\Users\Hans\AppData\Roaming\Resilio Sync
2021-01-11 11:01 - 2018-02-03 21:46 - 000000000 ____D C:\Users\Hans\AppData\Roaming\vlc
2021-01-06 15:05 - 2011-12-26 14:34 - 000000000 ____D C:\Users\Hans\AppData\Local\ElevatedDiagnostics
2021-01-02 18:58 - 2014-11-07 01:30 - 000000000 ____D C:\Users\Hans\Downloads\New Downloads
2020-12-24 17:44 - 2011-12-26 15:18 - 000000000 ____D C:\Users\Hans\AppData\Roaming\SoftGrid Client
2020-12-19 15:24 - 2011-12-26 10:20 - 000075248 _____ C:\Users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories ========

2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
2012-04-01 19:23 - 2012-04-01 19:23 - 000000022 _____ () C:\Users\Hans\AppData\Local\kodakpcd.ini
2012-01-09 11:17 - 2020-06-09 19:57 - 000007613 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-14 19:05
==================== End of FRST.txt ========================

Han Solo January 16th, 2021 05:10 PM

second file part 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-01-2021
Ran by Hans (16-01-2021 09:49:22)
Running from C:\Users\Hans\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-26 15:20:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4200521874-2590480824-2585516950-500 - Administrator - Disabled)
Guest (S-1-5-21-4200521874-2590480824-2585516950-501 - Limited - Enabled)
Hans (S-1-5-21-4200521874-2590480824-2585516950-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-4200521874-2590480824-2585516950-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.4.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley (TM) (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iExplorer (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.302 - Logitech)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{13A1DA5E-AFBD-491D-95FD-70EFD98A5377}) (Version: 1.18.2309 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9b222a9c-d2a0-4c06-b687-014fb06a4313}) (Version: 1.18.5.2309 - Plex, Inc.)
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
ProtonVPN (HKLM-x32\...\{074CACAD-CAB4-42A5-9C13-D1245FA9D6D6}) (Version: 1.17.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.4) (Version: 1.17.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Q-Dir (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Q-Dir) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Resilio Sync (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Resilio Sync) (Version: 2.6.3 - Resilio, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Stopping Plex (HKLM-x32\...\{72D77FDA-EFAC-4DA5-A67C-1A74319DCB6D}) (Version: 1.18.2309 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 5.1.0.1 - ASCOMP Software GmbH)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-24922 - Synology)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WatchSeries version 1.0 (HKLM-x32\...\{55F6C93F-F7A3-4B4F-898C-5D9DE013BA0E}_is1) (Version: 1.0 - WatchSeries)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.0.160 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
XYplorerFree 17.40 (HKLM-x32\...\XYplorerFree) (Version: 17.40 - Donald Lessau, Cologne Code Company)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Hans\Desktop\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Oriental, NC Interactive Weather Rada.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan

==================== Loaded Modules (Whitelisted) =============

2011-02-23 16:37 - 2012-04-01 09:02 - 000761856 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2020-02-06 17:23 - 2020-02-06 17:23 - 000629760 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\aac_decoder.dll
2020-02-06 17:23 - 2020-02-06 17:23 - 000393728 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\ac3_encoder.dll
2020-02-01 11:57 - 2020-02-01 11:57 - 001558016 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\h264_decoder.dll
2020-06-27 19:56 - 2020-06-27 19:56 - 000817152 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\hevc_decoder.dll
2020-02-07 23:50 - 2020-02-07 23:50 - 001799680 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\libx264_encoder.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 002225664 _____ () [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 007938048 _____ () [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-02-23 16:23 - 2012-04-01 09:02 - 000264192 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2006-03-07 09:05 - 2012-04-01 09:02 - 001564672 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 16:21 - 2012-04-01 09:02 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 16:11 - 2012-04-01 09:02 - 000062464 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2011-02-23 16:39 - 2012-04-01 09:02 - 000078848 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 18:00 - 2012-04-01 09:02 - 000471040 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:00 - 2012-04-01 09:02 - 000684032 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:55 - 2012-04-01 09:02 - 011503616 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2011-02-23 16:17 - 2012-04-01 09:02 - 000152576 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000084480 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 16:24 - 2012-04-01 09:02 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 16:38 - 2012-04-01 09:02 - 000052224 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000129536 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000090112 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 16:16 - 2012-04-01 09:02 - 000044544 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 17:04 - 2012-04-01 09:02 - 000171520 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2009-09-28 20:19 - 2012-04-01 09:02 - 000868352 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 20:20 - 2012-04-01 09:02 - 002236416 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 001396736 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2009-09-28 20:20 - 2012-04-01 09:02 - 000462848 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 20:19 - 2012-04-01 09:02 - 000782336 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 000528384 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 000847872 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 20:19 - 2012-04-01 09:02 - 000155648 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2011-02-23 16:19 - 2012-04-01 09:02 - 000237568 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000084480 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 18:02 - 2012-04-01 09:02 - 000339968 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 000098304 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000234496 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:05 - 2012-04-01 09:02 - 000315392 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 16:55 - 2012-04-01 09:02 - 000688128 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 16:36 - 2012-04-01 09:02 - 000143360 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 000219935 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\liblzo2-2.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 000119167 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libpkcs11-helper-1.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2016-12-13 05:19 - 2016-12-13 05:19 - 000093696 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
2020-03-05 17:07 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2016-12-13 05:19 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
2020-03-05 17:07 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2016-12-13 05:18 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
2020-03-05 17:07 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2013-02-03 04:21 - 2013-02-03 04:21 - 000045056 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000097792 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
2020-03-05 17:07 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
2020-03-05 17:07 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000031232 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_W2K3.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000063488 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000542208 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000480768 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_53C.dll
2015-05-26 04:42 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.dll
2020-03-05 17:07 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2012-01-10 12:10 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2012-12-09 19:07 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMAN.DLL
2012-01-10 12:07 - 2010-09-08 11:27 - 000328192 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2012-01-09 22:13 - 2012-03-14 05:00 - 000780288 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRAN.DLL
2012-01-09 22:13 - 2012-03-14 05:00 - 003769344 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIAN.DLL
2012-01-09 22:14 - 2012-03-14 05:00 - 000030208 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPDAN.DLL

Han Solo January 16th, 2021 05:17 PM

second file part 2

2011-02-23 14:28 - 2012-04-01 09:02 - 000028160 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 003727360 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESApp.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000172032 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESColl.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000626688 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000159744 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000167936 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESPrint.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000018944 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000212992 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000009728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010752 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000151552 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000688128 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000552960 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000090112 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
2011-02-23 16:54 - 2012-04-01 09:02 - 000794624 _____ (Eastman Kodak Company) [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliFacebookAPI.esx
2011-02-23 16:40 - 2012-04-01 09:02 - 000517120 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Acqmod.esx
2011-02-23 16:34 - 2012-04-01 09:02 - 000192512 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CreativeProjects.esx
2011-02-23 16:50 - 2012-04-01 09:02 - 000374784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EGCreatives.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 001509376 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESApp.dll
2011-02-23 16:52 - 2012-04-01 09:02 - 001686528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESColl.esx
2011-02-23 17:03 - 2012-04-01 09:02 - 000122880 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEverestEditPipe.esx
2011-02-23 16:20 - 2012-04-01 09:02 - 000544768 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFacialRetouch.dll
2011-02-23 16:44 - 2012-04-01 09:02 - 000602112 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESPrint.esx
2011-02-23 16:14 - 2012-04-01 09:02 - 000025600 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESRendezvousInfc.DLL
2011-02-23 16:53 - 2012-04-01 09:02 - 000098816 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx
2011-02-23 16:51 - 2012-04-01 09:02 - 000118784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx
2011-02-23 16:47 - 2012-04-01 09:02 - 000230400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx
2011-02-23 16:45 - 2012-04-01 09:02 - 000790528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUpload.esx
2011-02-23 16:35 - 2012-04-01 09:02 - 000141312 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESWireless.esx
2011-02-23 16:29 - 2012-04-01 09:02 - 000710144 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KCat40.dll
2011-02-23 16:22 - 2012-04-01 09:02 - 000078336 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kcor40.dll
2011-02-23 16:18 - 2012-04-01 09:02 - 003293184 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx
2011-02-23 16:32 - 2012-04-01 09:02 - 000959488 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\PTP.esx
2006-03-01 14:34 - 2012-04-01 09:02 - 000208896 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ShastaPath.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000108544 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UIFx.dll
2011-02-23 16:40 - 2012-04-01 09:02 - 000164864 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBBook.esx
2011-02-23 16:31 - 2012-04-01 09:02 - 000102400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000614400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaDB.esx
2011-02-23 17:07 - 2012-04-01 09:02 - 000512000 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaEdit.esx
2011-02-23 16:36 - 2012-04-01 09:02 - 000698368 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaImage.dll
2011-02-23 16:33 - 2012-04-01 09:02 - 000847872 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\XMIApi.esx
2011-02-23 16:26 - 2012-04-01 09:02 - 000139776 _____ (Eastman Kodak) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AddressBook.esx
2016-12-18 07:38 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000174592 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSOnlineProtocol.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000090624 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSUpdater.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000648704 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieAFX.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000029184 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEnManager.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000113152 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSGlobalMFC.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000036352 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSEMGR.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000152064 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSMTP.dll
2016-12-07 13:44 - 2016-12-07 13:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
1999-07-19 14:47 - 2012-04-01 09:02 - 000229888 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll
1999-03-28 21:42 - 2012-04-01 09:02 - 000221184 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll
1999-07-19 14:48 - 2012-04-01 09:02 - 000108032 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL
1999-07-19 14:49 - 2012-04-01 09:02 - 000114176 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll
1999-07-19 14:46 - 2012-04-01 09:02 - 000297984 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 000479232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
2003-01-29 14:10 - 2003-01-29 14:10 - 000764928 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DbgHelp.dll
2003-03-18 20:14 - 2012-04-01 09:02 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCP71.dll
2003-02-21 03:42 - 2012-04-01 09:02 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCR71.dll
2003-03-18 20:14 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCP71.dll
2003-02-21 04:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCR71.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2008-06-12 13:36 - 2012-04-01 09:02 - 004055040 _____ (SOLIDFX, LLC) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 003501056 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\htmlayout.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 000222720 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libcurl.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\LIBEAY32.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000301568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\SSLEAY32.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 003849101 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libcrypto-1_1-x64.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 001096971 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libssl-1_1-x64.dll
2011-02-23 16:26 - 2012-04-01 09:02 - 000222208 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CameraCollection.esx
2011-02-23 16:44 - 2012-04-01 09:02 - 000291840 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000077824 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFlickrAPI.esx
2011-02-23 16:11 - 2012-04-01 09:02 - 000241664 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\FlickrAPI.dll
2010-11-17 10:28 - 2010-11-17 10:28 - 000111616 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\DiscMgrAPI.DLL
2011-04-29 18:13 - 2011-04-29 18:13 - 018908672 _____ (Unlimited Realities) [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com

There are 12539 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-19 20:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.18.0.1 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{673BAE18-6223-454E-8C96-A404DC8391FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C205064-3431-405D-A20E-976D1F578CF1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{0CB602E4-73BC-4E67-8793-99A5073FAD29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{06CB4B9E-165D-4EA8-A94F-886C09AC01F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1ED14FE4-B8CF-4A9C-BDEF-2C477BE6B492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{A6CEA8AA-5396-488D-B1AD-A2DBCE4130D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{80D10834-2555-4921-A011-9BD86B64361F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07E6E5AE-22BE-4DF1-A9F3-C8D24A76381B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{56EA8C79-82B6-466B-84F9-58DC74CFBDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{784800E0-76E8-49F9-97EC-2A11D051857A}] => (Allow) LPort=2869
FirewallRules: [{BADCDFE7-9F62-44B2-A289-DD48C4575314}] => (Allow) LPort=1900
FirewallRules: [{21B926DC-87BC-43BB-8E63-B45D2E591000}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FEE0B98-2EEE-4164-B27E-5E8345712187}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F167EFD9-0D2B-423E-AF94-92F284AE0B9C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{DC70B0E8-B491-4E28-A717-821F5018286D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B4CF4E2-8E00-41C0-B754-8FC5D3AAC65D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{573A03D1-54F0-4018-A65A-B725D9066CDD}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82B9417A-EE6F-4DEB-A7F3-6D1976BCF2F5}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78115ACF-B1B1-4568-9A6D-C6E92FF58F14}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB66895A-C0D4-43C5-8876-827293C7AB6F}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{0E05BE06-51C6-43B3-B1F1-AFE4BF42BF19}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{119CF0E3-DE7C-4C94-AAA9-B056D38D4581}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [{92C8FB58-CB64-4DFB-BD3F-96F1A08855C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF33EF06-3E91-4442-82CA-45C02D012CCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5DC4BE5-0698-469D-853A-E412000D9AEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6B8C4CA-3985-492D-9129-AC326448373C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2703FD34-D72D-4B4F-9DC9-CFCC5D36690B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DE4BB905-1F70-4EBB-9F53-46CD1476D813}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{BFD561A2-BE79-4718-80AA-B8DFE0ADBD9F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{0CDAD4C7-83B9-4124-958E-DA0A24199B10}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{4D3DB4CB-9C93-41F2-A5FD-3E776F60DE57}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{6D7930DA-F279-4584-8962-B479F7E86994}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EC43C18E-7120-43AD-BACE-FD874FB4C638}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{57AAB2EB-82D0-4FC3-867A-5DAE6C9F82A3}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{865DCC19-005A-477F-85B7-DC884EC1A3E7}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{A31116D1-A8F6-46D2-8C06-A9E3FC458024}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8CD20C05-A030-4A57-8B0E-75FC3C274C7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{5C907A8D-92B0-4A12-95FD-3A5EAEA93ED8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4FFB93F8-98D6-45F1-A0A6-B722E625EEAA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{5F4701F9-1D45-451F-9263-E5FBC59F92FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{2C34CC31-EDF1-4EC8-BC81-C3BB19CF2917}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{8374C504-754C-4211-9E9C-008F03A1757A}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{5F5D77F1-7A52-443A-AE3D-78ABE7822EDA}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{3DBFD78A-48ED-44F9-9AFF-574D28E2B741}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-01-2021 17:01:55 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2021 08:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x132c
Faulting application start time: 0x01d6ec0da809400b
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: eddb005b-5800-11eb-928d-f04da2fb7194

Error: (01/16/2021 08:43:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 08:42:09 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1008) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:10:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 09:10:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x12b4
Faulting application start time: 0x01d6ec1148a82307
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 89a8da89-5804-11eb-8b21-f04da2fb7194

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1278
Faulting application start time: 0x01d6ec1072d35d9f
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: b3eda802-5803-11eb-9376-f04da2fb7194


System errors:
=============
Error: (01/16/2021 09:45:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:45:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 08:47:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/16/2021 08:46:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:12:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:06:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:03:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

Error: (01/16/2021 09:02:46 AM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.

Failure Type: Crash

Exception code: 0xc0000005

Resource:


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 56%
Total physical RAM: 8104.63 MB
Available physical RAM: 3510.39 MB
Total Virtual: 16207.4 MB
Available Virtual: 11129.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:40.61 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:67.1 GB) NTFS

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Hans

Han Solo January 16th, 2021 09:49 PM

from BlueScreenView

011621-23244-01.dmp 1/16/2021 3:06:11 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02560 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\011621-23244-01.dmp 4 15 7601 278,560 1/16/2021 3:07:15 PM

edited to add booted back into safe mode

olgun52 January 17th, 2021 12:23 AM

Hi Hans;

Very Good Job.

I haven't investigated the blue screen problem yet. We'll see later.

--------------------

I see a lot of VPN software in your logs. Are you using all of these? Remove what you don't want to use. If you tell me, add them to the Farbar delete list.

ProtonVPN
SetupVPN - Lifetime Free VPN
Browsec VPN - Free VPN for Chrome
TunnelBear VPN
Hotspot Shield Free VPN Proxy - Unlimited VPN
Windscribe - Free Proxy and Ad Blocker
Hola Free VPN Proxy Unblocker - Best VPN

---------------------------------------------------------------

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

I am seeing multiple bugs of ArcSoft software. Can you tell us about this software? You could do a repair on this software.

---------------------------------------------------------------

Programs uninstall:
  • Click on the Windows Start Menu button and then click on the Control Panel.
  • Please double-click the Uninstall a program icon
  • A list of programs installed will be populated; this may take a bit of time.
  • Please uninstall the following software and applications, if they are present:
Adobe Flash Player
FileHippo.com Update Checker
Google Update Helper
Malwarebytes Anti-Malware version 2.2.1
Mozilla Maintenance Service


-----------------------------------------------------------------

Let me know when you get these things done.

Have a nice weekend.

Han Solo January 17th, 2021 04:23 AM

Hi

This latest blue screen occurred after did the repair disk and farbar logs.. was just browsing minimally.. a couple of chrome tabs went oh snap and then bsod. Thought it might be helpful info so included what i could from the viewer..

----

Tried a lot of vpn software to find something that was fast, free and unlimited.. only using the ProtonVPN..

uninstalled all of the ones on your list as well as:

VPN Free- Betternet
FreeVPN Proxy Unlimited

All of the uninstalled VPN software were chrome extensions.. there are a bunch of other unused extensions that can also be deleted.

----

Matter of fact there is bunch of software on this pc that I don't use.. the plan was to uninstall everything unnecessary in preparation for SSD upgrade to windows 10

----

Arcsoft is a photo/card printing software that i think came preinstalled from Dell... or might have been part of the Canon printer software bundle.. uninstalled it.. gave a message saying that arcsnap.ax may no longer be needed but may prevent other applications from running correctly - uninstalled it too.

----

As for other programs to uninstall:

Uninstalled all of those on your list except for Google update helper.. couldn't find it.

For Adobe flash player: uninstalled:
Adobe Flash Player 32ActiveX and
Adobe Flash Player 32NPAPI

Hans

olgun52 January 17th, 2021 01:54 PM

Hi Hans
Step 1:
Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
-----------------------------------------------------
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
---------------------------------
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST as administrator, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
======================================================
Any issue ?

Step 2:
AdwCleaner - Clean

Please download AdwCleaner by Xplode onto your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
  • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
---------------------------------------------------
In your next reply, please include:
  • AdwCleaner[C0*].txt
Step 3:
Run Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here:
  • Run the program
  • click on Scan
  • Malwarebytes will then run an update and begin the scan
  • When the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard
==============================================
Have a nice day.

Han Solo January 17th, 2021 06:49 PM

question: should I be running these three steps in safe mode or full windows?

had booted back into safe mode after last blue screen and didn't think of it but last 2 times ran FRST was in full windows.. so had ran step 1 in safe mode

please advise if should continue with steps 2 &3 in full windows and repeat step 1 in full windows or reboot into safe mode and continue with steps 2 &3..

after FRST ran got a message that a file in chrome, I think, was corrupted and that it would run chkdsk after reboot.. rebooted fine but got 2 dialog box messages from ProtonVPN. the first message advised that the application is missing a required file and to repair the installation by hitting the "repair" button. the second message advised that service required for the VPN connection seems disabled and to enable it by hitting the "enable" button.

should I do these two things for ProtonVPN then continue in full windows and redo step one in full windows or goto safe mode and continue or skip both ProtonVPN messages and continue in full windows and redo step 1 in full windows or goto safe mode and continue?

only poked around a little.. windows full seems ok but have kept activity to minimum to avoid another blue screen..

Thank you, Hans

here is what I have so far:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Hans (17-01-2021 09:57:23) Run:1
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTun nelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15BA0EF-5B72-42B2-B343-928E8E85294F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15BA0EF-5B72-42B2-B343-928E8E85294F}" => removed successfully
C:\Windows\System32\Tasks\ProtonVPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtonVPN Update" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
CHR DownloadDir: N:\ => Error: No automatic fix found for this entry.
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12] => Error: No automatic fix found for this entry.
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16] => Error: No automatic fix found for this entry.
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\System\CurrentControlSet\Services\NOBU => removed successfully
NOBU => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Service => removed successfully
ProtonVPN Service => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Update Service => removed successfully
ProtonVPN Update Service => service removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPNSplitTunnel => removed successfully
ProtonVPNSplitTunnel => service removed successfully
tapprotonvpn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\tapprotonvpn => removed successfully
tapprotonvpn => service removed successfully
"C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION . URL" => not found
"C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_I N STRUCTION.URL" => not found
"C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.U R L" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\" ", Fi lter="__EventFilter.Name=\"BVTFilter\"" => not found
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully

========= net stop cryptSvc =========

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.


========= End of CMD: =========


========= ren C:\Windows\System32\catroot2 Catroot2.old =========


========= End of CMD: =========


========= net start cryptSvc =========

The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Removeproxy =========

'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88930983 B
Java, Flash, Steam htmlcache => 612 B
Windows/system/drivers => 51327725 B
Edge => 0 B
Chrome => 615553943 B
Brave => 0 B
Firefox => 112710451 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 166968 B
systemprofile32 => 287959 B
LocalService => 287959 B
NetworkService => 55828657 B
Hans => 561982860 B

RecycleBin => 26277204042 B
EmptyTemp: => 25.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:00:15 ====

olgun52 January 17th, 2021 08:25 PM

Quote:

should I be running these three steps in safe mode or full windows?
Please run it in normal mode.

Quote:

should I do these two things for ProtonVPN
You can do


Quote:

only poked around a little.. windows full seems ok but have kept activity to minimum to avoid another blue screen..
I used a few commands for the blue screen problem. To fixlist content. You continue to use the computer normally. So let's test the PC. OK!

Han Solo January 17th, 2021 08:29 PM

should i redo step one in normal mode?

olgun52 January 17th, 2021 08:38 PM

Quote:

should i redo step one in normal mode?
Yes please.

Han Solo January 17th, 2021 08:46 PM

ok,

if do the 2 things for ProtonVPN would redoing step one undo them again?

olgun52 January 17th, 2021 09:00 PM

I think it will work.

Han Solo January 17th, 2021 09:10 PM

will run steps now and post all results in a little while.. thanks hans

Han Solo January 18th, 2021 04:41 PM

Hey there,

After ran FRST and it rebooted (didn't run chkdsk this time) back to full windows, got the 2 ProtonVPN messages again.. so hit the repair button from the first message and ProtonVPN updated and installed and was fine..

Also got 2 windows firewall messages that advised it blocked some features of Plex media server and Python (which is part of Plex) but canceled out of those as will be moving Plex server to Nas..

---

Downloaded Adwcleaner and it advised update was available so updated and Ran the scan and think might have messed up the steps a little as it looked options in software didn't quite line up to directions after the scan for a few steps (maybe because updated) as thought the pre-installed programs, (which really wanted to delete but left alone following recommendation), would have been quarantined but weren't.

Also didn't get prompt to reboot pc so rebooted it manually and when started up again the aero theme and transparency was gone and task bar went from black to blue but seemed pretty snappy.. At first thought that maybe preinstalled programs were quarantined changing the theme..

---

Did Malwarebytes fine.. think it prompted me to reboot, don't remember exactly but after reboot aero theme and transparency was back as well as the black taskbar..

Was using the computer lightly browsing here and there and seemed good.. occasionally a tab in chrome would go oh snap after loading.. sometimes more than one tab at a time and then blue screen.. managed to get the message after pc rebooted but it was slow going.. after reboot pc was slow for a while and most programs were unresponsive or pretty slow until message that Windows has recovered from an unexpected shutdown appeared.. after that pc seemed to get better. Here is the message:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFBA800A284D08
BCP2: 0000000000000000
BCP3: FFFFF800022B3143
BCP4: 0000000000000007
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011721-23665-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-99981-0.sysdata.xml


Here is also bluescreen view:

011721-23665-01.dmp 1/17/2021 8:57:09 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 ffffba80`0a284d08 00000000`00000000 fffff800`022b3143 00000000`00000007 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\011721-23665-01.dmp 4 15 7601 278,560 1/17/2021 8:58:33 PM


I think Malwarebytes was still open when bluescreen occurred as program won't start now..

pc is in safe mode now..

Hans


first log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Hans (17-01-2021 15:15:03) Run:2
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTun nelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => not found
"C:\ProgramData\Temp" => ":5C321E34" ADS not found.
C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15BA0EF-5B72-42B2-B343-928E8E85294F}" => not found
C:\Windows\System32\Tasks\ProtonVPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtonVPN Update" => removed successfully
"Chrome DefaultSearchURL" => not found
CHR DownloadDir: N:\ => Error: No automatic fix found for this entry.
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-12] => Error: No automatic fix found for this entry.
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16] => Error: No automatic fix found for this entry.
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => not found
NOBU => service not found.
HKLM\System\CurrentControlSet\Services\ProtonVPN Service => removed successfully
ProtonVPN Service => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Update Service => removed successfully
ProtonVPN Update Service => service removed successfully
AppMgmt => service not found.
HKLM\System\CurrentControlSet\Services\ProtonVPNSplitTunnel => removed successfully
ProtonVPNSplitTunnel => service removed successfully
tapprotonvpn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\tapprotonvpn => removed successfully
tapprotonvpn => service removed successfully
"C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL" => not found
"C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL" => not found
"C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"", Filter="__EventFilter.Name=\"BVTFilter\"" => not found
"BVTFilter" => not found
"BVTConsumer" => not found

========= net stop cryptSvc =========

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.


========= End of CMD: =========


========= ren C:\Windows\System32\catroot2 Catroot2.old =========

A duplicate file name exists, or the file
cannot be found.

========= End of CMD: =========


========= net start cryptSvc =========

The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Removeproxy =========

'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3152264 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 13358 B
Edge => 0 B
Chrome => 206826775 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 3518 B
Hans => 589585 B

RecycleBin => 0 B
EmptyTemp: => 208.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:16:10 ====


second log:



# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-17-2021
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9330 octets] - [17/01/2021 15:39:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



third log:



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/17/21
Scan Time: 4:59 PM
Log File: 3dc1aff6-590f-11eb-8273-f04da2fb7194.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.35899
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC\Hans

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 271422
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

olgun52 January 18th, 2021 07:51 PM

Hi Hans,

For MalwareBytes, do this;
Settings > Security > Windows startup --> OFF
After that, it will not open with windows.
==================================================

So we're back to the beginning again.

win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe + 93ba0 and bluescreen

I think the above problem is at the root of the problem.

Experience has shown me these issues can become quite complex and deeply rooted into a system, so much so that I am careful to not get myself in the position of possibly doing more harm than good. Whereas I have received training in malware issues, my training in Windows Update issues is slight at best. If I come to the conclusion you would be far better served by referring you to experts in the field I will quickly do so.

OK, let's start with this.

Step:1 - Run SFC Scan
  • Click Start then type cmd
  • Right click on cmd (or Command Prompt) above and select Run as administrator
  • Type sfc /scannow and hit Enter
  • If the result is Windows Resource Protection did not find any integrity violations then complete Step 2
Step:2 -

For Windows 7

Type Command Prompt in the Search box, right-select Command Prompt, and then select Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or select Allow.

Type the following command, and then press Enter. It may take several minutes for the command operation to be completed.

Please do;

DISM.exe /Online /Cleanup-image /Restorehealth
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
sfc /scannow


DISM creates a log file (%windir%/Logs/CBS/CBS.log) that captures any issues that the tool found or fixed. %windir% is the folder in which Windows is installed. For example, the %windir% folder is C:\Windows.

To resolve this problem, install service pack again.


Download the package now for x64-based (64-bit) version of Windows 7 SP1

Click Yes to allow it to install. This process could take several hours so allow it to run to completion

https://www.microsoft.com/en-us/down....aspx?id=20858

Step:3 - Run SFCFix by Niemiro
  • Download and run SFCFix Official Download - Repair Windows Update
  • Work through any on-screen prompts and then await completion (runtime can be upwards of 15 minutes depending on the options you selected during the on-screen prompts)
  • Once completed, if there are any unrepaired corruptions or unresolved problems with your computer, copy and paste the report in your reply
Step:3 - Upload CBS folder
  • Hit the Windows Key + E at the same time
  • Navigate to, then copy and paste the following folder onto your Desktop:
C:\Windows\Logs\CBS
  • Right click on the CBS folder on your Desktop, select Send to, Compressed (zipped) folder, then save the zipped folder onto your Desktop
  • Upload the zipped folder to Filebin or the file hosting site of your choice
  • Post the download link in your reply
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it
  • SFC results
  • DISM/SURT results, if applicable
  • SFCFix report, if applicable
  • Uploaded CBS folder

Regards.

Han Solo January 18th, 2021 09:50 PM

Hello olgun52,

I understand your concerns.. your help is much appreciated..

should i be doing these steps from normal or safe mode?

---

For the Malwarebytes, couldn't find where to do: Settings > Security > Windows startup --> OFF

Did control panel -> System and Security -> no startup stuff

Launched msconfig and looked under startup tab but didn't see an entry for Malwarebytes..

Remember now when last booted into safe mode malwarebytes prompted if wanted to turn on the realtime monitoring and I clicked yes.. maybe thats the problem..


Thank you Hans

Han Solo January 18th, 2021 10:02 PM

also, from step 2:

these are 2 command line entries?

first entry
DISM.exe /Online /Cleanup-image /Restorehealth

second entry
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
sfc /scannow

olgun52 January 18th, 2021 10:03 PM

Completely disable the real-time protection of Malwarebytes and opening it with windows. Use for on-demand scans only.


Quote:

should i be doing these steps from normal or safe mode?
If normal mode is opening on, you can do it in normal mode.


EDIT:

Please follow steps in the correct order. Enter after each step. Wait for the process to finish after each command.
DISM.exe /Online /Cleanup-image /Restorehealth ---> Enter
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess ---> Enter
sfc /scannow ---> Enter



Thanks.

Han Solo January 18th, 2021 11:22 PM

ah ok, see now.. supposed to have done:

Settings > Security > Windows startup --> OFF

from inside Malwarebytes which wouldn't open in safe mode..

So I booted up normal to full windows and did that in malwarebytes and started step 1 SFC scan.. unfortunately got a blue screen in the middle of the SFC scan

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA8005F02560
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011821-28875-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-56565-0.sysdata.xml

bluescreenview:

011821-28875-01.dmp 1/18/2021 4:47:33 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02560 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\011821-28875-01.dmp 4 15 7601 278,560 1/18/2021 4:48:36 PM


so booted back into safe mode.. and got one set of windows explorer has stopped working and restarted messages but pc appears stable now.

although stopped windows startup of malwarebytes it still popped up a dialog box after a few minutes after windows safe mode started advising that real time protection is turned off.. cancelled out of that..

second ah ha.. see now that malwarebytes is in the system tray.. quit it

so gonna run the SFC scan from safe mode.. hope thats ok

Han Solo January 19th, 2021 12:09 AM

Hey

ran step 1 from safe mode:


C:\Windows>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows>



https://filebin.net/ayxbgeuhaeuq7snv


stopping here.. did not start step 2

Hans
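Added example, not part of the original thread: the SFC output above points to CBS.log for details, and the entries SFC writes there carry an [SR] tag. This Python sketch pulls out which files SFC could not repair and which it repaired from the component store. The log line layout is assumed from typical Windows 7 CBS.log output, and the sample lines, file names and package names are constructed.

```python
import re
from collections import Counter

# Constructed sample, not taken from the poster's upload. Layout assumed:
# "timestamp, level  component  sequence [SR] message".
SAMPLE_CBS_LOG = r"""
2021-01-18 17:02:11, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2021-01-18 17:02:14, Info                  CSI    00000313 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Package-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2021-01-18 17:02:14, Info                  CBS    Unrelated servicing message without the SR tag
2021-01-18 17:02:20, Info                  CSI    00000318 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Package-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2021-01-18 17:03:02, Info                  CSI    0000031c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2021-01-18 17:03:40, Info                  CSI    00000321 [SR] Cannot repair member file [l:24{12}]"example3.ini" of Example-Package-B, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
"""

# Only lines carrying the [SR] tag come from System File Checker.
LINE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+\w+\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), '
    r'Version = ([\d.]+),.*in the store, (.+)$')
REPAIRED_RE = re.compile(r'^Repairing corrupted file .*\]"([^"]+)" from store')


def summarize_sr(text):
    """Return (unrepaired, repaired) from CBS.log text.

    unrepaired: Counter keyed by (file, package, version, reason); SFC often
    reports the same file more than once, so the count collapses repeats.
    repaired: set of file names SFC restored from the component store.
    """
    unrepaired, repaired = Counter(), set()
    for line in text.splitlines():
        tagged = LINE_RE.match(line)
        if not tagged:
            continue
        message = tagged.group(1)
        failed = CANNOT_RE.match(message)
        if failed:
            unrepaired[failed.groups()] += 1
            continue
        fixed = REPAIRED_RE.match(message)
        if fixed:
            repaired.add(fixed.group(1))
    return unrepaired, repaired


if __name__ == "__main__":
    bad, fixed = summarize_sr(SAMPLE_CBS_LOG)
    for (name, package, version, reason), count in sorted(bad.items()):
        print(f"UNREPAIRED {name} ({package} {version}): {reason} [x{count}]")
    for name in sorted(fixed):
        print(f"REPAIRED   {name}")
```

To run it on a real log, read a copy of C:\Windows\Logs\CBS\CBS.log with open(path, errors="replace") and pass the text to summarize_sr.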

olgun52 January 19th, 2021 12:44 AM

x64-based (64-bit) version of Windows 7 SP1

Did you upload this file?


How is your PC behaving now?



------------------------------


Sorry, I am going to bed now, good night

Han Solo January 19th, 2021 02:51 AM

Good evening,

didn't re-install the SP1 as thought was supposed to stop and not goto step 2 if SFC/windows resource protection scan found errors.. it already created a CBS folder

should i go ahead with step 2 and do the dism commands and stuff and SP1?


pc appears stable in safe mode.. no blue screens for a couple hrs now

good night,
hans

olgun52 January 19th, 2021 02:14 PM

Quote:

should i go ahead with step 2 and do the dism commands and stuff and SP1?
Only do SP1. And test to boot to normal mode and blue screen. Write the result.

Have a nice day.

Han Solo January 19th, 2021 11:08 PM

hey olgun,

In post#30 the download in step 2 is referred to as:

"x64-based (64-bit) version of Windows 7 SP1"

but the link goes to a download for:

System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [October 2014]

please advise

thanks, Hans

olgun52 January 20th, 2021 09:47 AM

Hi Hans,

Thank you very much for the warning.


Try this KB976932 download link for the 64-bit version of Service Pack 1.

It is 903 MB in size.

http://download.windowsupdate.com/ms...5b7a749dab.exe

Note:
Learn more;

https://support.microsoft.com/en-us/...6-bab972897f61

Best regards.


All times are GMT +1.