#1
January 6th, 2021, 11:37 PM
Han Solo
Windows 7 BSOD

Hello,
I had come to this site years ago and got good help.. things were going ok til today. Computer was running fine, it was in sleep and hit space bar to wake it up as usual and it ran for a number of seconds then BSOD. Rebooted it into safe mode and looked around.. said something about Explorer.. then tried to reboot again to full and it got past the manufacturer logo to the welcome screen then BSOD. Now in safe mode again.. said something about Explorer not running again. The blue screen was only visible for like a second.

Have Windows 7 Home Premium on a Dell Inspiron 620. I have saved the blue screen messages from safe mode dialog window as well as the dump files but don't see any way to attach them. I was not able to find the second file in the Temp folder


First blue screen:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f7
BCP1: 0000B880012991D5
BCP2: 0000F880012991D5
BCP3: FFFF077FFED66E2A
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\010621-24133-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-43009-0.sysdata.xml


Second:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFB8A0041941B0
BCP2: 0000000000000000
BCP3: FFFFF80001FDF120
BCP4: 0000000000000007
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\010621-23337-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-45302-0.sysdata.xml



Trying to figure out how to open the dump files.. seems complicated

Was looking at some previous related post and downloaded BlueScreenView from NirSoft and see 4 dump files from today..

Fourth:
010621-23337-01.dmp 1/6/2021 3:19:38 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 ffffb8a0`041941b0 00000000`00000000 fffff800`01fdf120 00000000`00000007 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-23337-01.dmp 4 15 7601 278,504 1/6/2021 3:20:55 PM

Third:
010621-24133-01.dmp 1/6/2021 2:49:54 PM DRIVER_OVERRAN_STACK_BUFFER 0x000000f7 0000b880`012991d5 0000f880`012991d5 ffff077f`fed66e2a 00000000`00000000 Ntfs.sys Ntfs.sys+209da x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-24133-01.dmp 4 15 7601 278,504 1/6/2021 2:50:57 PM

Second:
010621-19125-01.dmp 1/6/2021 2:48:15 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02530 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-19125-01.dmp 4 15 7601 278,504 1/6/2021 2:49:29 PM

First:
010621-23306-01.dmp 1/6/2021 2:46:41 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02530 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\010621-23306-01.dmp 4 15 7601 278,560 1/6/2021 2:47:51 PM


Each of the dump files in the NirSoft software has a preview pane of the files involved.. can try to provide that as well if needed.

I haven't installed any software lately.. not for several months that can recall.. maybe upgraded the Proton VPN software to latest. The only hardware upgrade done was upgrading from 4 to 8 gigs memory like 6 months ago.

I had bought an SSD a while back but never installed it because reluctant to do the cloning and images because past bad experiences dealing with OS upgrades otherwise would have upgraded to Windows 10 long time ago. I found a guy locally who can do it and was planning on doing it like next month.. At a minimum would like to get computer to a state in which could do this upgrade.. From what I understand can't do it from Windows 7 safe mode..

This looks serious. Please help
thank you, Hans
#2
January 9th, 2021, 05:02 PM
olgun52 (Malware Removal Team)
Hello Han Solo,


This problem is probably related to your drivers or other hardware issues.


Let's take a look.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Best regards.
#3
January 11th, 2021, 04:17 PM
Han Solo
Hi olgun52, thank you for taking a look and helping me.

Here are the two files. I didn't click on any additional options.


First:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by Hans (administrator) on PC (Dell Inc. Inspiron 620) (11-01-2021 09:46:33)
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <59>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Nir Sofer -> NirSoft) C:\Users\Hans\Downloads\New Downloads\Now\bluescreenview\BlueScreenView.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] (Unlimited Realities -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7452480 2020-10-06] (ProtonVPN AG -> )
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX880 series: C:\Windows\system32\CNCALAN.DLL [302080 2010-11-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2012-04-01]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-09-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0110782D-8874-4428-9253-0FC0001794D1} - System32\Tasks\NWC => C:\Program Files (x86)\ASCOMP Software\Synchredible\nwc.exe [332288 2014-09-30] () [File not signed]
Task: {0D0524A3-E68F-41E8-B8A2-324632A5A01A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {4F723766-9267-4A0F-9E80-D4E473128B8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {55C3090F-E86F-4E6C-A6B8-5D233BA03727} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6E62607A-A35F-40C0-8F80-E2C36B212A02} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {6E8648CE-0E52-48D2-851F-17A79C334E78} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {776D0E2E-4453-445C-9DAF-D36387F055DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {77CCD346-000C-4879-AD86-4593016FA8D7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC189AF-7198-46AE-AAC5-C9E80539CC24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {8104CE8F-1675-47ED-85F8-1C7A7ABC903C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8331C3DD-5990-4F43-8B2C-2CB9B6765CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A2080677-F342-4763-97C0-B18542DEE646} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {B06D5F00-8C5D-4EF5-BD3B-97D1AF788933} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7B8E81D-307B-4C1F-9CF8-633D619CFA41} - System32\Tasks\{F4F46FA1-7FD6-4681-A330-8AD497C43C02} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XOIFA2S\WBSP_IE_Setup.exe" -d C:\Users\Hans\Desktop
Task: {BEBA5329-B275-46AA-9B33-842800D3B30A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {D788AB35-C928-481C-AE04-49F6A2E2CD42} - System32\Tasks\{FCEF3078-6348-4EF2-A133-EA5922813B83} => C:\Windows\system32\pcalua.exe -a C:\Users\Hans\Downloads\WBSP_IE_Setup.exe -d C:\Users\Hans\Desktop
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {DDD9C578-3B5F-4035-99FD-B3C48CC2126D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {E4F6B829-35D7-4354-9AA1-B10A7AC332F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {EC0AC83F-1CB1-4464-A104-888B1807169E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE16815-66A5-4908-BAEB-30D61334AE14} - System32\Tasks\{E22B9F1E-B872-4306-8F1C-2D709707F048} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ3KEK3B\PCHCInstallerPackage.exe" -d C:\Users\Hans\Desktop
Task: {EEEAA326-2308-475C-99AF-BABE00811BD0} - System32\Tasks\{1D7851FC-923C-4BF0-9EF7-98C14DFD5E08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\Downloads\Shockwave_Installer_S lim 11.6.1.629.exe" -d C:\Users\Hans\Downloads
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{66647859-4A98-410D-A6EA-64B8B46ABB45}: [NameServer] 209.18.47.61,209.18.47.62
Tcpip\..\Interfaces\{7E5C2F57-B30D-4B48-80C9-D5628F55B906}: [DhcpNameServer] 10.80.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default [2020-04-12]
FF Extension: (HydraReader Class) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{37D4A353-C49B-8A56-4230-FE2A6C825946} [2014-11-06] [Legacy] [not signed]
FF Extension: (WOT) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2021-01-11]
CHR DownloadDir: N:\
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR Extension: (Slides) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Sparta: War of Empires) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcokacflmihcgkgjofglkhobjkheeic [2016-01-16]
CHR Extension: (Docs) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-10]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-10-18]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-24]
CHR Extension: (OneTab) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2020-09-21]
CHR Extension: (uBlock Origin) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-11]
CHR Extension: (Google Search) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Tab Restore) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbndgjfafojhfndfgpcibceghelbbnep [2018-02-04]
CHR Extension: (Session Buddy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Recent History) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2019-12-23]
CHR Extension: (Sheets) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (History Button) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2018-02-04]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2018-02-04]
CHR Extension: (Fair Ads) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-25]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-06]
CHR Extension: (Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\golladjmjodbefcoombodcdhimkmgemd [2018-02-04]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06]
CHR Extension: (Open in VLC™ media player) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2021-01-01]
CHR Extension: (Recently Closed) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiocfdofmabcpofejbffpbocoabcjib [2020-07-24]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2020-08-13]
CHR Extension: (Fair AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2020-10-18]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcgefgnghb [2020-05-13]
CHR Extension: (Oriental, NC Interactive Weather Rada...) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkhmpidoemedicppkhfklljppccaan [2018-01-29]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Weather Forecast) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofobaelkgcpicbdoabokjlnmdcbjellg [2020-06-13]
CHR Extension: (Bookmarks) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogpfecfneobbmjefimpeomoeloahjmcm [2019-10-31]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-09]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2018-02-06]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-12-25]
CHR Extension: (VLC Video Downloader) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-21]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
S2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
S2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2136056 2020-01-23] (Plex, Inc. -> Plex, Inc.)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia -> Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia -> Secunia)
S2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
S2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [55776 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MpKsl323b3910; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFC668F6-368B-4AB5-8795-4CA4B6CACD86}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-11 09:46 - 2021-01-11 09:47 - 000028162 _____ C:\Users\Hans\Desktop\FRST.txt
2021-01-10 18:07 - 2021-01-10 18:07 - 002281472 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
2021-01-06 15:20 - 2021-01-06 15:20 - 000278504 _____ C:\Windows\Minidump\010621-23337-01.dmp
2021-01-06 14:50 - 2021-01-09 12:39 - 000097272 _____ C:\Windows\ntbtlog.txt
2021-01-06 14:50 - 2021-01-06 14:50 - 000278504 _____ C:\Windows\Minidump\010621-24133-01.dmp
2021-01-06 14:49 - 2021-01-06 14:49 - 000278504 _____ C:\Windows\Minidump\010621-19125-01.dmp
2021-01-06 14:47 - 2021-01-06 14:47 - 000278560 _____ C:\Windows\Minidump\010621-23306-01.dmp
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\ProgramData\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Synology
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-31 11:46 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\Synology

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-11 09:46 - 2014-11-20 18:54 - 000000000 ____D C:\FRST
2021-01-11 09:44 - 2015-01-07 18:26 - 000000000 ____D C:\Users\Hans\Documents\New Stuff
2021-01-09 12:40 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-09 12:40 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-01-06 15:20 - 2020-09-21 19:04 - 444147567 _____ C:\Windows\MEMORY.DMP
2021-01-06 15:20 - 2015-11-05 09:22 - 000000000 ____D C:\Windows\Minidump
2021-01-06 15:19 - 2012-09-12 15:47 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2021-01-06 15:19 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2021-01-06 15:19 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2021-01-06 15:18 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-06 15:05 - 2011-12-26 14:34 - 000000000 ____D C:\Users\Hans\AppData\Local\ElevatedDiagnostics
2021-01-06 02:04 - 2018-02-03 21:46 - 000000000 ____D C:\Users\Hans\AppData\Roaming\vlc
2021-01-03 20:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-03 20:21 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-02 18:58 - 2014-11-07 01:30 - 000000000 ____D C:\Users\Hans\Downloads\New Downloads
2020-12-31 12:18 - 2019-08-17 18:01 - 000000000 ____D C:\Users\Hans\AppData\Local\Plex Media Server
2020-12-24 17:44 - 2011-12-26 15:18 - 000000000 ____D C:\Users\Hans\AppData\Roaming\SoftGrid Client
2020-12-19 15:24 - 2011-12-26 10:20 - 000075248 _____ C:\Users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-16 22:31 - 2009-07-14 00:08 - 000032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-12-13 08:22 - 2016-06-08 17:50 - 000002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
2012-04-01 19:23 - 2012-04-01 19:23 - 000000022 _____ () C:\Users\Hans\AppData\Local\kodakpcd.ini
2012-01-09 11:17 - 2020-06-09 19:57 - 000007613 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-23 00:39
==================== End of FRST.txt ========================
  #4  
Old January 11th, 2021, 04:21 PM
Han Solo
Senior Member
 
Join Date: Jun 2005
Posts: 134
Second part 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Hans (11-01-2021 09:47:32)
Running from C:\Users\Hans\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-26 15:20:30)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4200521874-2590480824-2585516950-500 - Administrator - Disabled)
Guest (S-1-5-21-4200521874-2590480824-2585516950-501 - Limited - Enabled)
Hans (S-1-5-21-4200521874-2590480824-2585516950-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-4200521874-2590480824-2585516950-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.4.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley (TM) (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iExplorer (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.302 - Logitech)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{13A1DA5E-AFBD-491D-95FD-70EFD98A5377}) (Version: 1.18.2309 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9b222a9c-d2a0-4c06-b687-014fb06a4313}) (Version: 1.18.5.2309 - Plex, Inc.)
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
ProtonVPN (HKLM-x32\...\{074CACAD-CAB4-42A5-9C13-D1245FA9D6D6}) (Version: 1.17.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.4) (Version: 1.17.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Q-Dir (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Q-Dir) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Resilio Sync (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Resilio Sync) (Version: 2.6.3 - Resilio, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Stopping Plex (HKLM-x32\...\{72D77FDA-EFAC-4DA5-A67C-1A74319DCB6D}) (Version: 1.18.2309 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 5.1.0.1 - ASCOMP Software GmbH)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-24922 - Synology)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WatchSeries version 1.0 (HKLM-x32\...\{55F6C93F-F7A3-4B4F-898C-5D9DE013BA0E}_is1) (Version: 1.0 - WatchSeries)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.0.160 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
XYplorerFree 17.40 (HKLM-x32\...\XYplorerFree) (Version: 17.40 - Donald Lessau, Cologne Code Company)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Hans\Desktop\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Oriental, NC Interactive Weather Rada.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan

==================== Loaded Modules (Whitelisted) =============

2020-03-05 17:07 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2020-03-05 17:07 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2020-03-05 17:07 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2020-03-05 17:07 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2013-02-03 04:21 - 2013-02-03 04:21 - 000045056 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000097792 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2020-03-05 17:07 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2020-03-05 17:07 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2020-03-05 17:07 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2019-04-06 21:33 - 2019-04-06 21:33 - 000542208 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000480768 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_53C.dll
2020-03-05 17:07 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2012-01-10 12:10 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com

There are 12539 more sites.
  #5  
Old January 11th, 2021, 04:22 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Second part 2:

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-19 20:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{673BAE18-6223-454E-8C96-A404DC8391FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C205064-3431-405D-A20E-976D1F578CF1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{0CB602E4-73BC-4E67-8793-99A5073FAD29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{06CB4B9E-165D-4EA8-A94F-886C09AC01F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1ED14FE4-B8CF-4A9C-BDEF-2C477BE6B492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{A6CEA8AA-5396-488D-B1AD-A2DBCE4130D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{80D10834-2555-4921-A011-9BD86B64361F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07E6E5AE-22BE-4DF1-A9F3-C8D24A76381B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{56EA8C79-82B6-466B-84F9-58DC74CFBDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{784800E0-76E8-49F9-97EC-2A11D051857A}] => (Allow) LPort=2869
FirewallRules: [{BADCDFE7-9F62-44B2-A289-DD48C4575314}] => (Allow) LPort=1900
FirewallRules: [{21B926DC-87BC-43BB-8E63-B45D2E591000}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FEE0B98-2EEE-4164-B27E-5E8345712187}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F167EFD9-0D2B-423E-AF94-92F284AE0B9C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{DC70B0E8-B491-4E28-A717-821F5018286D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B4CF4E2-8E00-41C0-B754-8FC5D3AAC65D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{573A03D1-54F0-4018-A65A-B725D9066CDD}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82B9417A-EE6F-4DEB-A7F3-6D1976BCF2F5}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78115ACF-B1B1-4568-9A6D-C6E92FF58F14}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB66895A-C0D4-43C5-8876-827293C7AB6F}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{0E05BE06-51C6-43B3-B1F1-AFE4BF42BF19}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{119CF0E3-DE7C-4C94-AAA9-B056D38D4581}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [{92C8FB58-CB64-4DFB-BD3F-96F1A08855C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF33EF06-3E91-4442-82CA-45C02D012CCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5DC4BE5-0698-469D-853A-E412000D9AEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6B8C4CA-3985-492D-9129-AC326448373C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2703FD34-D72D-4B4F-9DC9-CFCC5D36690B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DE4BB905-1F70-4EBB-9F53-46CD1476D813}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{BFD561A2-BE79-4718-80AA-B8DFE0ADBD9F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{0CDAD4C7-83B9-4124-958E-DA0A24199B10}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{4D3DB4CB-9C93-41F2-A5FD-3E776F60DE57}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{6D7930DA-F279-4584-8962-B479F7E86994}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EC43C18E-7120-43AD-BACE-FD874FB4C638}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{57AAB2EB-82D0-4FC3-867A-5DAE6C9F82A3}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{865DCC19-005A-477F-85B7-DC884EC1A3E7}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{A31116D1-A8F6-46D2-8C06-A9E3FC458024}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8CD20C05-A030-4A57-8B0E-75FC3C274C7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{5C907A8D-92B0-4A12-95FD-3A5EAEA93ED8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4FFB93F8-98D6-45F1-A0A6-B722E625EEAA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{28FA5DFA-202C-4B75-99B5-6C370DF1B9D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5F4701F9-1D45-451F-9263-E5FBC59F92FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{2C34CC31-EDF1-4EC8-BC81-C3BB19CF2917}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{8374C504-754C-4211-9E9C-008F03A1757A}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{5F5D77F1-7A52-443A-AE3D-78ABE7822EDA}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )

==================== Restore Points =========================

26-12-2020 00:32:32 Windows Update
29-12-2020 12:47:18 Windows Update
31-12-2020 11:47:40 Device Driver Package Install: Synology Universal Serial Bus controllers
01-01-2021 18:32:54 Windows Update
05-01-2021 10:18:47 Windows Update

==================== Faulty Device Manager Devices ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/06/2021 03:22:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2021 03:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: ntshrui.dll, version: 6.1.7601.17755, time stamp: 0x4f042c6c
Exception code: 0xc0000005
Fault offset: 0x00000000000266f0
Faulting process id: 0xc78
Faulting application start time: 0x01d6e466ce1faf90
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\ntshrui.dll
Report Id: 730a727f-505b-11eb-abc8-f04da2fb7194

Error: (01/06/2021 03:01:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: NetworkExplorer.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c89d
Exception code: 0xc0000005
Fault offset: 0x00000000000766f0
Faulting process id: 0x780
Faulting application start time: 0x01d6e465816464a8
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\NetworkExplorer.dll
Report Id: 080a8e82-505a-11eb-abc8-f04da2fb7194

Error: (01/06/2021 03:00:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad.exe, version: 6.1.7601.18917, time stamp: 0x559ea8be
Faulting module name: mssvp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4dc0e0c9
Exception code: 0xc0000005
Fault offset: 0x000007fef1ae66f0
Faulting process id: 0xd70
Faulting application start time: 0x01d6e46653a09f37
Faulting application path: C:\Windows\system32\notepad.exe
Faulting module path: mssvp.dll
Report Id: e1f228bf-5059-11eb-abc8-f04da2fb7194

Error: (01/06/2021 02:52:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2021 02:51:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: mscoreei.dll, version: 4.8.4018.0, time stamp: 0x5d4a657e
Exception code: 0xc0000005
Fault offset: 0x000000000000adc4
Faulting process id: 0x510
Faulting application start time: 0x01d6e46547cc5947
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
Report Id: 96ef3c6a-5058-11eb-abc8-f04da2fb7194

Error: (01/06/2021 02:09:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18189

Error: (01/06/2021 02:09:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18189


System errors:
=============
Error: (01/11/2021 09:45:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/11/2021 01:28:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/10/2021 07:34:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/10/2021 05:59:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/10/2021 05:57:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/10/2021 03:33:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.329.1933.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: Default URL

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.17700.4

Error code: 0x8007043c

Error description: This service cannot be started in Safe Mode


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 78%
Total physical RAM: 8104.63 MB
Available physical RAM: 1733.03 MB
Total Virtual: 16207.4 MB
Available Virtual: 8764.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:37.37 GB) NTFS
Drive f: (USB20FD) (Removable) (Total:30.44 GB) (Free:15.4 GB) FAT32
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:72.69 GB) NTFS

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)

==================== End of Addition.txt =======================
  #6  
Old January 11th, 2021, 07:36 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi again Han Solo,


I see many errors in your logs. One of these errors may be the cause of your problem. Let's use Windows repair software first and then look for solutions to these errors. Finally, we will do a small wipe clean. I hope everything will be fine.


Follow the instructions below please.


Repair these services.

Please run on Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below
    Quote:
  • 01 - Repair Registry Permissions
  • 03 - Reset Service permissions
  • 04 - Register System Files
  • 05 - Repair WMI
  • 10 - Remove Policies Set By Infections
  • 20 - Repair MSI (Windows Installer)
  • 25 - Restore Important Windows Services
  • 26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply. Or you can find the repair report at the address below.
C:\Program Files (x86)\Tweaking.com\Windows Repair \Logs
  • Copy and paste (or attach if necessary) the contents of the log in your reply



===

Restart the computer normally. How is the computer running now?


Regards

Last edited by olgun52; January 11th, 2021 at 08:36 PM.
  #7  
Old January 12th, 2021, 11:03 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Hello Olgun52,

I'm trying to do it now.. followed the instructions and closed all open files/programs down before installing the Windows Repair software in safe mode with networking.. but got an error splash screen when starting up the program.. The Startup Check says problems found with needed files in program folder.. It looks like 1 file is either not found or corrupted:

MD4 Hash Doesn't Match: Files\regfiles\xp\WinSock2.reg
(Expected MD4: 5567B7B15D4C88E5A58C01D2D7C4557F)
(Returned MD4: 5CDD326B5F150FF3183E9605174708C5)

It says to reinstall the program to make sure the files are correct and present..

So i reinstalled (without uninstalling the first attempted installation) and got the same result. I'm gonna uninstall the program and reboot the computer back into safe mode and try to install it again.

Looked and found the file in question exists: Winsock2.reg
Date Modified: 5/12/2015 2:44 AM
Date Created: 5/19/2018 10:08 PM
Size: 80.1KB

Hans
  #8  
Old January 13th, 2021, 01:03 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Hans,


Let's try doing it like this.

Start a type cmd.
Open cmd as administrator. Copy and paste the following command (Ctrl + C and Ctrl + V)


bitsadmin /reset /allusers

Then copy and paste the following command.


net user administrator /active:yes

and


Type exit and Enter.
Now run windows repair software again please ..

If it still fails, enter the Cmd prompt as administrator. And copy and paste the following command.


sfc /scannow

Enter

Wait for the processes to finish.

Is everything okay ? Check it out please.
  #9  
Old January 14th, 2021, 04:26 AM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Hey

Got it to run by uninstalling the software and rebooting back to safe mode and reinstalling.

Did a registry backup and see it in the drop down menu when in the restore registry part. Also created a restore point in the program but do not see it when open system restore (but do see a restore point from last week)..

See message in backup section of not repairing without backup

Computer is not properly backed up.. it was on my to do list.. about half is backed up to date while the other half is a mess.. thinking should work on that quick

Hans
  #10  
Old January 14th, 2021, 03:18 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Han Solo

Step 1:

Have you seen my message number 8? Apply my number 8 message first. Then run step 2.

Step 2:


I see you have MBAM installed on the computer - that is great!! It is a very good program! However, it is an old version. Uninstall that software and follow the instructions below.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Have a nice day.
  #11  
Old January 16th, 2021, 02:20 AM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Hi Olgun52

Just want to give you an update.. Ugh.. been a bad couple of days.. Needed to print a pdf file off the pc yesterday and couldn't get it to print from safe mode or the usb port on printer. Got another pc to hook up to printer and inadvertently shut off the powerstrip. Restarted and f8 to get to safe mode and got distracted and missed to select option in time and pc ran checkdisk and booted to full windows.. which couldn't do before but..

Windows ran ok except windows explorer messages advising it stopped working and restart when changing programs in taskbar and sometimes randomly. Printed file and did some backup and today rebooted back to safe mode to finish back up and follow your instructions but windows explorer wouldn't start and got a blank screen with "safe mode" displayed in corners of screen and no taskbar but task manager would work.

Rebooted again but pc got stuck booting into safe mode at screen where it shows files that it's loading. Waited like half hr and did hard reset and f8 and let it run checkdisk again and booted it to safe mode but windows explorer was stopping and starting almost constantly making pc unusable.

Couldn't shut down properly so had to do hard reset again and let it load to full windows and didn't get windows explorer messages anymore but programs didn't function properly.. they may open and load but become unresponsive if open at all. Windows itself looked normal but didn't respond when trying to do windows stuff.. basically it didn't work but was able to eventually shut it down properly.

I'm sorry that I made things worse by trying to back stuff up before doing your steps.. thought it was prudent given the message to do so in tweaking windows repair.. half of the pc was backed up good, the other half was a mess.. should have just done the steps.

On plus side have three dell windows 7 system recovery disks as well as a windows 7 repair disk that I made when got pc.. maybe those can help..

Hans

PS Did the reboot thing to install tweaking windows repair without error before you posted message #8
  #12  
Old January 16th, 2021, 04:05 AM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
spoke too soon.. been logging off for over an hr and a half
  #13  
Old January 16th, 2021, 06:40 AM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
hey,

pc was still logging off a couple hrs later so did another hard reset and booted back into safe mode and it seems to be running ok now.. not doing the windows explorer stopping and starting thing anymore.. etc..

should i finish backing up first (may take a bit to sort through the remaining mess) or do you want me to skip that and do the steps outlined starting with first part of message #8 even though got the tweaking windows repair to startup properly?
  #14  
Old January 16th, 2021, 12:55 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Hans,

Quote:
On plus side have three dell windows 7 system recovery disks as well as a windows 7 repair disk that I made when got pc.. maybe those can help.

should i finish backing up first (may take a bit to sort through the remaining mess) or do you want me to skip that and do the steps outlined starting with first part of message #8 even though got the tweaking windows repair to startup properly?

After that, it would be more appropriate to do as follows.
We can repair it with your dell windows 7 system recovery discs.

Let's do it like this;

Windows 7 System Repair Disc Run:

You can now boot from this disc to access System Recovery Options, the set of system recovery tools available for the Windows 7 operating system.

As with a Windows 7 installation disc, you'll need to watch for a Press any key to boot from CD or DVD message on screen, right after your computer turns on or restarts with the System Repair Disc inserted.
---------------------
How to Boot From a CD, DVD

1- Change the boot order in BIOS so the CD, DVD, or BD drive is listed first. Some computers are already configured this way but many are not.

If the optical drive is not first in the boot order, your PC will start "normally" (i.e., it'll boot from your hard drive) without even looking at what might be in your disc drive.
Please set it to start from dell windows 7 system recovery disc.

After setting your optical drive as the first boot device in BIOS, your computer will check that drive for a bootable disc each time your computer starts. Leaving your PC configured this way shouldn't cause problems unless you plan on leaving a disc in the drive all the time.
2-Have all your programs closed. Insert the CD, DVD, or BD into your disc drive.
3-Restart your computer—either properly from within Windows or via your reset or power button if you're still in the BIOS menu.
4-Watch for a Press any key to boot from CD or DVD... message.

When booting from a Windows setup disc, and occasionally other bootable discs as well, you may be prompted with a message to press a key to boot from the disc. For the disc boot to be successful, you'll need to do this during the few seconds that the message is on the screen.

If you do nothing, your computer will check for boot information on the next boot device in the list in BIOS, which will probably be your hard drive.

Most bootable discs don't prompt for a keypress and will start immediately.
5-Your computer should now boot from the CD, DVD, or BD disc and the software stored on it will begin.

6-Now watch the process carefully. Make a repair. If everything goes well after restarting the system, send clear Farbar logs.


Have a nice weekend.
  #15  
Old January 16th, 2021, 05:02 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Good morning Olgun,

Ok, so booted to the single windows 7 repair disk and selected the "startup repair" option. It completed pretty fast.. and all of the tests were successful.. looked at the diagnosis and repair details and wrote some of it down:

Number of root causes = 1
Root cause found = system volume on disk corrupt
Repair action: file system repair - chkdsk
Result: completed successfully

clicked finished and system rebooted and it ran chkdsk.. it did a bunch more than when chkdsk ran yesterday like deleting a bunch of index entries and other stuff..

Here's the farbar logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-01-2021
Ran by Hans (administrator) on PC (Dell Inc. Inspiron 620) (16-01-2021 09:46:20)
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc. -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe <3>
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(ProtonVPN AG -> The OpenVPN Project) C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\openvpn.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Symantec Corporation -> Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] (Unlimited Realities -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7452480 2020-10-06] (ProtonVPN AG -> )
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX880 series: C:\Windows\system32\CNCALAN.DLL [302080 2010-11-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2012-04-01]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-09-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0110782D-8874-4428-9253-0FC0001794D1} - System32\Tasks\NWC => C:\Program Files (x86)\ASCOMP Software\Synchredible\nwc.exe [332288 2014-09-30] () [File not signed]
Task: {0D0524A3-E68F-41E8-B8A2-324632A5A01A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {4F723766-9267-4A0F-9E80-D4E473128B8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {55C3090F-E86F-4E6C-A6B8-5D233BA03727} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6E62607A-A35F-40C0-8F80-E2C36B212A02} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {6E8648CE-0E52-48D2-851F-17A79C334E78} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {776D0E2E-4453-445C-9DAF-D36387F055DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {77CCD346-000C-4879-AD86-4593016FA8D7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC189AF-7198-46AE-AAC5-C9E80539CC24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {8104CE8F-1675-47ED-85F8-1C7A7ABC903C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8331C3DD-5990-4F43-8B2C-2CB9B6765CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A1041D8C-12FA-417A-AAA6-6AC8DE9AEE4E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2080677-F342-4763-97C0-B18542DEE646} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {B7B8E81D-307B-4C1F-9CF8-633D619CFA41} - System32\Tasks\{F4F46FA1-7FD6-4681-A330-8AD497C43C02} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XOIFA2S\WBSP_IE_Setup.exe" -d C:\Users\Hans\Desktop
Task: {BEBA5329-B275-46AA-9B33-842800D3B30A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {D788AB35-C928-481C-AE04-49F6A2E2CD42} - System32\Tasks\{FCEF3078-6348-4EF2-A133-EA5922813B83} => C:\Windows\system32\pcalua.exe -a C:\Users\Hans\Downloads\WBSP_IE_Setup.exe -d C:\Users\Hans\Desktop
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {DDD9C578-3B5F-4035-99FD-B3C48CC2126D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {E4F6B829-35D7-4354-9AA1-B10A7AC332F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {EC0AC83F-1CB1-4464-A104-888B1807169E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE16815-66A5-4908-BAEB-30D61334AE14} - System32\Tasks\{E22B9F1E-B872-4306-8F1C-2D709707F048} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ3KEK3B\PCHCInstallerPackage.exe" -d C:\Users\Hans\Desktop
Task: {EEEAA326-2308-475C-99AF-BABE00811BD0} - System32\Tasks\{1D7851FC-923C-4BF0-9EF7-98C14DFD5E08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\Downloads\Shockwave_Installer_Slim 11.6.1.629.exe" -d C:\Users\Hans\Downloads
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.18.0.1
Tcpip\..\Interfaces\{66647859-4A98-410D-A6EA-64B8B46ABB45}: [NameServer] 209.18.47.61,209.18.47.62
Tcpip\..\Interfaces\{7E5C2F57-B30D-4B48-80C9-D5628F55B906}: [DhcpNameServer] 10.18.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default [2020-04-12]
FF Extension: (HydraReader Class) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{37D4A353-C49B-8A56-4230-FE2A6C825946} [2014-11-06] [Legacy] [not signed]
FF Extension: (WOT) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR DownloadDir: N:\
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR Extension: (Slides) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Sparta: War of Empires) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcokacflmihcgkgjofglkhobjkheeic [2016-01-16]
CHR Extension: (Docs) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-12]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-12]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-24]
CHR Extension: (OneTab) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2020-09-21]
CHR Extension: (uBlock Origin) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-12]
CHR Extension: (Google Search) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Tab Restore) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbndgjfafojhfndfgpcibceghelbbnep [2018-02-04]
CHR Extension: (Session Buddy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Recent History) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2019-12-23]
CHR Extension: (Sheets) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (History Button) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2018-02-04]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2018-02-04]
CHR Extension: (Fair Ads) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-12]
CHR Extension: (Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\golladjmjodbefcoombodcdhimkmgemd [2018-02-04]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-01-06]
CHR Extension: (Open in VLC™ media player) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2021-01-01]
CHR Extension: (Recently Closed) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiocfdofmabcpofejbffpbocoabcjib [2020-07-24]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2020-08-13]
CHR Extension: (Fair AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2020-10-18]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcgefgnghb [2020-05-13]
CHR Extension: (Oriental, NC Interactive Weather Rada...) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkhmpidoemedicppkhfklljppccaan [2018-01-29]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiipohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2020-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Weather Forecast) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofobaelkgcpicbdoabokjlnmdcbjellg [2020-06-13]
CHR Extension: (Bookmarks) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogpfecfneobbmjefimpeomoeloahjmcm [2019-10-31]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-09]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-10-18]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2018-02-06]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-12-25]
CHR Extension: (VLC Video Downloader) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-21]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2136056 2020-01-23] (Plex, Inc. -> Plex, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia -> Secunia)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [55776 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MpKsl323b3910; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFC668F6-368B-4AB5-8795-4CA4B6CACD86}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-16 09:46 - 2021-01-16 09:47 - 000033066 _____ C:\Users\Hans\Desktop\FRST.txt
2021-01-16 09:45 - 2021-01-16 09:45 - 000000000 ____D C:\Users\Hans\Desktop\FRST-OlderVersion
2021-01-15 16:15 - 2021-01-15 16:15 - 000006544 ____N C:\bootsqm.dat
2021-01-14 16:23 - 2021-01-14 16:23 - 000270880 _____ C:\Windows\Minidump\011421-28126-01.dmp
2021-01-13 10:15 - 2021-01-13 10:15 - 000269888 _____ C:\Windows\Minidump\011321-27846-01.dmp
2021-01-12 18:22 - 2021-01-16 09:45 - 000002836 _____ C:\Users\Hans\Desktop\BSOD post1.txt
2021-01-12 17:38 - 2021-01-12 17:38 - 000000207 _____ C:\Windows\tweaking.com-regbackup-PC-Windows-7-Home-Premium-(64-bit).dat
2021-01-12 17:38 - 2021-01-12 17:38 - 000000000 ____D C:\RegBackup
2021-01-12 17:31 - 2021-01-12 17:31 - 000002165 _____ C:\Users\Hans\Desktop\Tweaking.com - Windows Repair.lnk
2021-01-12 17:31 - 2021-01-12 17:31 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-01-12 17:10 - 2021-01-12 17:10 - 000278504 _____ C:\Windows\Minidump\011221-25646-01.dmp
2021-01-12 16:10 - 2021-01-12 16:10 - 000000266 _____ C:\Users\Hans\Downloads\BSOD post.txt
2021-01-12 15:51 - 2021-01-12 17:32 - 001070107 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2021-01-12 15:50 - 2021-01-12 15:50 - 040931680 _____ (Tweaking.com) C:\Users\Hans\Desktop\tweaking.com_windows_repair_aio_setup.exe
2021-01-11 09:47 - 2021-01-11 09:51 - 000066931 _____ C:\Users\Hans\Desktop\Addition1.txt
2021-01-11 09:46 - 2021-01-11 09:51 - 000032519 _____ C:\Users\Hans\Desktop\FRST1.txt
2021-01-10 18:07 - 2021-01-16 09:45 - 002294784 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
2021-01-06 15:20 - 2021-01-06 15:20 - 000278504 _____ C:\Windows\Minidump\010621-23337-01.dmp
2021-01-06 14:50 - 2021-01-16 08:56 - 000457438 _____ C:\Windows\ntbtlog.txt
2021-01-06 14:50 - 2021-01-06 14:50 - 000278504 _____ C:\Windows\Minidump\010621-24133-01.dmp
2021-01-06 14:49 - 2021-01-06 14:49 - 000278504 _____ C:\Windows\Minidump\010621-19125-01.dmp
2021-01-06 14:47 - 2021-01-06 14:47 - 000278560 _____ C:\Windows\Minidump\010621-23306-01.dmp
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\ProgramData\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Synology
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-31 11:46 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\Synology

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-16 09:47 - 2014-11-20 18:54 - 000000000 ____D C:\FRST
2021-01-16 08:54 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-16 08:54 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-16 08:48 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 08:48 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-01-16 08:44 - 2019-08-17 18:01 - 000000000 ____D C:\Users\Hans\AppData\Local\Plex Media Server
2021-01-16 08:43 - 2012-09-12 15:47 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2021-01-16 08:43 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2021-01-16 08:43 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2021-01-16 08:41 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-16 00:29 - 2020-10-25 13:15 - 000000000 ____D C:\Users\Hans\Desktop\stuff
2021-01-16 00:28 - 2015-01-07 18:26 - 000000000 ____D C:\Users\Hans\Documents\New Stuff
2021-01-14 16:35 - 2015-12-19 20:01 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-14 16:23 - 2020-09-21 19:04 - 204272159 _____ C:\Windows\MEMORY.DMP
2021-01-14 16:23 - 2015-11-05 09:22 - 000000000 ____D C:\Windows\Minidump
2021-01-12 22:35 - 2019-04-06 21:32 - 000000000 ____D C:\Users\Hans\AppData\Roaming\Resilio Sync
2021-01-11 11:01 - 2018-02-03 21:46 - 000000000 ____D C:\Users\Hans\AppData\Roaming\vlc
2021-01-06 15:05 - 2011-12-26 14:34 - 000000000 ____D C:\Users\Hans\AppData\Local\ElevatedDiagnostics
2021-01-02 18:58 - 2014-11-07 01:30 - 000000000 ____D C:\Users\Hans\Downloads\New Downloads
2020-12-24 17:44 - 2011-12-26 15:18 - 000000000 ____D C:\Users\Hans\AppData\Roaming\SoftGrid Client
2020-12-19 15:24 - 2011-12-26 10:20 - 000075248 _____ C:\Users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories ========

2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
2012-04-01 19:23 - 2012-04-01 19:23 - 000000022 _____ () C:\Users\Hans\AppData\Local\kodakpcd.ini
2012-01-09 11:17 - 2020-06-09 19:57 - 000007613 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-14 19:05
==================== End of FRST.txt ========================